Filtered by CWE-400
Total 3316 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1072 1 Gitlab 1 Gitlab 2025-02-28 4.3 Medium
An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.
CVE-2023-24860 1 Microsoft 1 Malware Protection Engine 2025-02-28 7.5 High
Microsoft Defender Denial of Service Vulnerability
CVE-2023-20911 1 Google 1 Android 2025-02-28 7.8 High
In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498
CVE-2023-20910 1 Google 1 Android 2025-02-28 5.5 Medium
In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-29331 2 Microsoft, Redhat 17 .net, .net Framework, Windows 10 1507 and 14 more 2025-02-28 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2023-23396 1 Microsoft 2 Office Online Server, Office Web Apps Server 2025-02-28 6.5 Medium
Microsoft Excel Denial of Service Vulnerability
CVE-2021-3735 2 Debian, Qemu 2 Debian Linux, Qemu 2025-02-28 4.4 Medium
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
CVE-2023-40593 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 6.3 Medium
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.
CVE-2024-45736 1 Splunk 3 Splunk, Splunk Cloud Platform, Splunk Enterprise 2025-02-28 6.5 Medium
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).
CVE-2023-40594 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 6.5 Medium
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
CVE-2023-38210 1 Adobe 1 Xmp Toolkit Software Development Kit 2025-02-27 5.5 Medium
Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-4394 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-02-27 6.7 Medium
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information
CVE-2023-38251 1 Adobe 2 Commerce, Magento 2025-02-27 5.3 Medium
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.
CVE-2025-27097 1 The-guild 1 Graphql Mesh 2025-02-27 7.5 High
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode. If a token is sent via variables, the following requests will act like the same token is sent even if the following requests have different tokens. This can cause a short memory leak but it won't grow per each request but per different operation until the cache evicts DocumentNode by LRU mechanism.
CVE-2023-25618 1 Sap 1 Netweaver Application Server Abap 2025-02-27 6.5 Medium
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
CVE-2023-27270 1 Sap 1 Netweaver Application Server Abap 2025-02-27 6.5 Medium
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
CVE-2021-46877 2 Fasterxml, Redhat 15 Jackson-databind, Amq Streams, Camel Spring Boot and 12 more 2025-02-26 7.5 High
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
CVE-2023-38180 3 Fedoraproject, Microsoft, Redhat 7 Fedora, .net, Asp.net Core and 4 more 2025-02-26 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2023-26767 2 Liblouis, Redhat 2 Liblouis, Enterprise Linux 2025-02-26 7.5 High
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint.
CVE-2023-26769 2 Liblouis, Redhat 2 Liblouis, Enterprise Linux 2025-02-26 7.5 High
Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.