Total
1369 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3760 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai\/lunary | 2024-11-18 | 7.5 High |
| In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only overwhelms the victim's mailbox, making it difficult to manage and locate legitimate emails, but also significantly impacts mail servers by consuming their resources. The increased load can cause performance degradation and, in severe cases, make the mail servers unresponsive or unavailable, disrupting email services for the entire organization. | ||||
| CVE-2021-1285 | 2024-11-18 | N/A | ||
| Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-52918 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 6.5 Medium |
| Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file. | ||||
| CVE-2024-48989 | 1 Boschrexrothag | 1 Indradrive Fwa Indrv Mp | 2024-11-13 | 7.5 High |
| A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages. | ||||
| CVE-2024-6762 | 1 Eclipse | 1 Jetty | 2024-11-08 | 3.1 Low |
| Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. | ||||
| CVE-2024-8184 | 2 Eclipse, Redhat | 3 Jetty, Amq Streams, Rhboac Hawtio | 2024-11-08 | 5.9 Medium |
| There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. | ||||
| CVE-2024-51428 | 1 Expressif | 1 Esp Idf | 2024-11-08 | 7.5 High |
| An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet. | ||||
| CVE-2024-51557 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-08 | 6.5 Medium |
| This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system. | ||||
| CVE-2024-31880 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-06 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | ||||
| CVE-2024-48809 | 2 Aetherproject, Onosproject | 3 Onos-a1t, Sdran-in-a-box, Sdran-in-a-box | 2024-11-06 | 7.5 High |
| An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function. | ||||
| CVE-2024-10599 | 2 Tongda, Tongda2000 | 2 Oa 2017, Office Anywhere | 2024-11-04 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10468 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-04 | 9.8 Critical |
| Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132. | ||||
| CVE-2024-40680 | 1 Ibm | 2 Mq Appliance, Mq Operator | 2024-10-31 | 5.5 Medium |
| IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | ||||
| CVE-2024-20526 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-10-31 | 5.3 Medium |
| A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM). | ||||
| CVE-2024-44459 | 1 Octavolabs | 1 Vernemq | 2024-10-30 | 7.5 High |
| A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption. | ||||
| CVE-2024-45526 | 1 Opcfoundation | 1 Ua-.netstandard | 2024-10-23 | 5.3 Medium |
| An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually. | ||||
| CVE-2024-41128 | 1 Rails | 1 Rails | 2024-10-18 | 3.7 Low |
| Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. | ||||
| CVE-2024-47502 | 1 Juniper | 1 Junos Evolved | 2024-10-15 | 7.5 High |
| An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established. A continuously increasing number of connections shown by: user@host > show system connections is indicative of the problem. To recover the respective RE needs to be restarted manually. This issue only affects IPv4 but does not affect IPv6. This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine). This issue affects Junos OS Evolved: * All versions before 21.4R3-S9-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 version before 22.4R3-S3-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R2-EVO. | ||||
| CVE-2024-47614 | 1 Graphql | 1 Async-graphql | 2024-10-04 | 7.5 High |
| async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10. | ||||
| CVE-2024-7734 | 1 Phoenixcontact | 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more | 2024-09-28 | 5.3 Medium |
| An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers. | ||||