Total
3339 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27600 | 2024-12-20 | 6.8 Medium | ||
| An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | ||||
| CVE-2024-32663 | 1 Oisf | 1 Suricata | 2024-12-19 | 7.5 High |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536). | ||||
| CVE-2024-0026 | 1 Google | 1 Android | 2024-12-17 | 5.5 Medium |
| In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-11835 | 2024-12-16 | N/A | ||
| Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | ||||
| CVE-2024-12579 | 2024-12-16 | 5.3 Medium | ||
| The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages. | ||||
| CVE-2024-1953 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.3 Medium |
| Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request. | ||||
| CVE-2024-28053 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 3.1 Low |
| Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server. | ||||
| CVE-2024-2446 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.3 Medium |
| Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages. | ||||
| CVE-2018-12122 | 3 Nodejs, Redhat, Suse | 5 Node.js, Rhel Software Collections, Suse Enterprise Storage and 2 more | 2024-12-13 | 7.5 High |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. | ||||
| CVE-2024-28949 | 1 Mattermost | 1 Mattermost Server | 2024-12-12 | 4.3 Medium |
| Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service. | ||||
| CVE-2022-33168 | 1 Ibm | 1 Security Directory Suite Va | 2024-12-12 | 7.5 High |
| IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. | ||||
| CVE-2024-27874 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2024-12-12 | 7.5 High |
| This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service. | ||||
| CVE-2023-20268 | 1 Cisco | 7 Business 150ax, Business 150ax Firmware, Business 151axm and 4 more | 2024-12-12 | 4.7 Medium |
| A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic. | ||||
| CVE-2023-32229 | 1 Bosch | 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more | 2024-12-12 | 4.9 Medium |
| Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | ||||
| CVE-2024-40841 | 1 Apple | 1 Macos | 2024-12-12 | 7.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination. | ||||
| CVE-2023-34166 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
| Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart. | ||||
| CVE-2023-31348 | 1 Amd | 2 Uprof, Uprof Tool | 2024-12-12 | 7.3 High |
| A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-2683 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-12-11 | 5.3 Medium |
| A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | ||||
| CVE-2024-44169 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2024-12-11 | 8.1 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination. | ||||
| CVE-2024-27862 | 1 Apple | 1 Macos | 2024-12-10 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled. | ||||