Total: 1846 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-1300 | | | 2024-06-20 | 5.4 Medium |
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error. | ||||
CVE-2024-2829 | | | 2024-06-20 | 7.5 High |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service. | ||||
CVE-2023-33026 | 1 Qualcomm | 390 Ar8035, Ar8035 Firmware, Ar9380 and 387 more | 2024-06-20 | 7.5 High |
Transient DOS in WLAN Firmware while parsing a NAN management frame. | ||||
CVE-2024-37904 | | | 2024-06-20 | 5.7 Medium |
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users' repositories using the `github.com/go-git/go-git/v5` library on lines `L55-L89`. The Git provider does the following on lines `L56-L62`: first, it sets the `CloneOptions`, specifying the URL, the depth, etc. It then validates the options. It then sets up an in-memory filesystem to clone into. Finally, it clones the repository. The `(g *Git) Clone()` method is vulnerable to a DoS attack: a Minder user can instruct Minder to clone a large repository, which will exhaust memory and crash the Minder server. The root cause of this vulnerability is a combination of the following conditions: 1. Users can control the Git URL which Minder clones, 2. Minder does not enforce a size limit on the repository, 3. Minder clones the entire repository into memory. This issue has been addressed in commit `7979b43`, which has been included in release version v0.0.52. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-5208 | | | 2024-06-20 | N/A |
An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability. | ||||
CVE-2024-3153 | | | 2024-06-20 | N/A |
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request. | ||||
CVE-2024-30019 | | | 2024-06-19 | 6.5 Medium |
DHCP Server Service Denial of Service Vulnerability | ||||
CVE-2023-36038 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2024-06-18 | 7.5 High |
ASP.NET Core Denial of Service Vulnerability | ||||
CVE-2023-5157 | 3 Fedoraproject, Mariadb, Redhat | 12 Fedora, Mariadb, Enterprise Linux and 9 more | 2024-06-18 | 7.5 High |
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | ||||
CVE-2024-5469 | | | 2024-06-17 | 3.1 Low |
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. | ||||
CVE-2023-52425 | 1 Libexpat Project | 1 Libexpat | 2024-06-14 | 7.5 High |
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | ||||
CVE-2024-1495 | | | 2024-06-13 | 6.5 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using a maliciously crafted file. | ||||
CVE-2024-1736 | | | 2024-06-13 | 6.5 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files. | ||||
CVE-2024-1963 | | | 2024-06-13 | 6.5 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests. | ||||
CVE-2024-27310 | | | 2024-06-13 | 5.3 Medium |
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to a DoS attack due to a malicious LDAP query. | ||||
CVE-2023-35329 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-06-12 | 6.5 Medium |
Windows Authentication Denial of Service Vulnerability | ||||
CVE-2024-21392 | | | 2024-06-12 | 7.5 High |
.NET and Visual Studio Denial of Service Vulnerability | ||||
CVE-2024-26190 | | | 2024-06-12 | 7.5 High |
Microsoft QUIC Denial of Service Vulnerability | ||||
CVE-2019-11388 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-06-11 | 5.3 Medium |
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. | ||||
CVE-2024-26215 | | | 2024-06-11 | 7.5 High |
DHCP Server Service Denial of Service Vulnerability |