Total
1846 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21543 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2024-05-29 | 8.1 High |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | ||||
| CVE-2023-36703 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-05-29 | 7.5 High |
| DHCP Server Service Denial of Service Vulnerability | ||||
| CVE-2023-36606 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | 7.5 High |
| Microsoft Message Queuing Denial of Service Vulnerability | ||||
| CVE-2023-36579 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | 7.5 High |
| Microsoft Message Queuing Denial of Service Vulnerability | ||||
| CVE-2023-36435 | 1 Microsoft | 4 .net, Windows 11 21h2, Windows 11 22h2 and 1 more | 2024-05-29 | 7.5 High |
| Microsoft QUIC Denial of Service Vulnerability | ||||
| CVE-2023-36431 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | 7.5 High |
| Microsoft Message Queuing Denial of Service Vulnerability | ||||
| CVE-2023-36042 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2024-05-29 | 5.5 Medium |
| Visual Studio Denial of Service Vulnerability | ||||
| CVE-2023-32013 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-05-29 | 5.3 Medium |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2023-29331 | 1 Microsoft | 14 .net, .net Framework, Windows 10 1507 and 11 more | 2024-05-29 | 7.5 High |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2023-42669 | 2 Redhat, Samba | 8 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Ibm Z Systems and 5 more | 2024-05-23 | 6.5 Medium |
| A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task. | ||||
| CVE-2024-0348 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-05-17 | 6.5 Medium |
| A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116. | ||||
| CVE-2023-3163 | 1 Ruoyi | 1 Ruoyi | 2024-05-17 | 7.5 High |
| A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4952 | 1 Dotnetfoundation | 1 C\# Language Server Protocol | 2024-05-17 | 7.5 High |
| A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected component. VDB-234238 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-30591 | 1 Quic-go Project | 1 Quic-go | 2024-05-17 | 7.5 High |
| quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the vendor's position is that this behavior should not be listed as a vulnerability on the CVE List | ||||
| CVE-2020-36620 | 1 Enumstringvalues Project | 1 Enumstringvalues | 2024-05-17 | 7.5 High |
| A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability. | ||||
| CVE-2019-11390 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-05-17 | 5.3 Medium |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | ||||
| CVE-2019-11389 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-05-17 | 5.3 Medium |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | ||||
| CVE-2018-15907 | 1 Technicolor | 2 Tc8305c, Tc8305c Firmware | 2024-05-17 | N/A |
| Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions | ||||
| CVE-2018-15852 | 1 Technicolor | 2 Tc7200.20, Tc7200.20 Firmware | 2024-05-17 | N/A |
| Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions | ||||
| CVE-2017-7397 | 1 Backbox | 1 Backbox Linux | 2024-05-17 | N/A |
| BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions. | ||||