CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 38/331 • 39653 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39653 CVEs for this tag (all time). In the last 365 days, 3222 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-11-13
Medium

CVE-2024-28169

Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacen…

CVSS: 5.4 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Medium

CVE-2024-28049

Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denia…

CVSS: 5.7 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2024-28030

NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 2.2 CWE: CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference View on NVD
Low

CVE-2024-25565

Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.

CVSS: 3.8 CWE: CWE-691 - Insufficient Control Flow Management View on NVD
Medium

CVE-2024-24984

Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent acce…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-23198

Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of serv…

CVSS: 6.6 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-21853

Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local a…

CVSS: 4.7 CWE: CWE-1245 - Improper Finite State Machines (FSMs) in Hardware Logic View on NVD
Medium

CVE-2024-40443

SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php

CVSS: 4.3 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2024-43083

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privil…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-49506

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem

CVSS: 7.3 CWE: CWE-377 - Insecure Temporary File View on NVD
High

CVE-2024-48989

A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending ar…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attac…

CVSS: 7.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2024-8933

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service…

CVSS: 7.5 CWE: CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel View on NVD
Medium

CVE-2024-38654

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-37400

An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-10717

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license fun…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
2024-11-12
High

CVE-2024-51179

An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Fun…

CVSS: 7.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2024-8534

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR…

CVSS: 8.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2024-47458

Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-43642

Windows SMB Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-43633

Windows Hyper-V Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2024-43499

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) View on NVD
Medium

CVE-2024-38264

Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

CVSS: 5.9 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2024-9843

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

CVSS: 5.0 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-50321

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-50320

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-50319

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-50318

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-50317

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-47909

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a…

CVSS: 4.9 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-47907

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-47905

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a…

CVSS: 4.9 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-47535

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could pote…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-comp…

CVSS: 8.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-50558

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-46891

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthent…

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-8882

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privi…

CVSS: 4.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-11-11
High

CVE-2024-10345

In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek.

CVSS: 8.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-10344

In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.

CVSS: 8.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-10314

In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek.

CVSS: 8.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-38826

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundr…

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Unknown

CVE-2023-40457

The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attri…

CVSS: N/A CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
2024-11-08
Medium

CVE-2024-35419

wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm fi…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-35418

wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm fil…

CVSS: 6.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-35410

wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.

CVSS: 6.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2024-27528

wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution.

CVSS: 8.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-27527

wasm3 139076a is vulnerable to Denial of Service (DoS).

CVSS: 7.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-21994

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service…

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-21538

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increa…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
Medium

CVE-2024-45759

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially expl…

CVSS: 6.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial o…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2024-11-07
High

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-48290

An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.

CVSS: 4.3 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
High

CVE-2023-1973

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2024-11-06
Medium

CVE-2024-51409

Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the f…

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2024-20484

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) con…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-34681

Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.

CVSS: 6.6 CWE: N/A View on NVD
2024-11-05
Medium

CVE-2024-52030

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52029

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52028

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52026

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52025

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52024

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to c…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52023

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cau…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52017

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52016

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri an…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52015

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability all…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52014

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability a…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-52013

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability all…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51022

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cra…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51020

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51019

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cr…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51018

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51017

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51016

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51014

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51013

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a c…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51012

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafte…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51011

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to caus…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51007

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted P…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51006

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51004

Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters.…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51003

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri an…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51002

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51001

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-51000

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities a…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-50998

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vul…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-50997

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-50996

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allo…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-50995

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-50994

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Low

CVE-2024-47402

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-11-04
High

CVE-2024-48809

An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specificall…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-38405

Transient DOS while processing the CU information from RNR IE.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2024-38403

Transient DOS while parsing BTM ML IE when per STA profile is not included.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-23385

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

CVSS: 7.5 CWE: CWE-617 - Reachable Assertion View on NVD
Medium

CVE-2024-20112

In isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploi…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-11-01
High

CVE-2024-22733

TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-48289

An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet.

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2024-0106

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exp…

CVSS: 8.7 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD
High

CVE-2024-0105

NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of s…

CVSS: 8.9 CWE: CWE-274 - Improper Handling of Insufficient Privileges View on NVD
High

CVE-2024-47939

Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request…

CVSS: 7.7 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2024-10-31
High

CVE-2024-8185

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster jo…

CVSS: 7.5 CWE: CWE-636 - Not Failing Securely ('Failing Open') View on NVD
2024-10-30
Medium

CVE-2024-48241

An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-33700

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malforme…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2024-33623

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request…

CVSS: 3.7 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-9632

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payloa…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2024-10-29
Critical

CVE-2024-8309

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulatio…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-7807

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Critical

CVE-2024-7042

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability p…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2024-5823

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files w…

CVSS: 9.1 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2024-10464

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerabi…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-10-28
High

CVE-2024-45802

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resour…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-34537

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the book…

CVSS: 4.9 CWE: N/A View on NVD
2024-10-26
High

CVE-2020-26311

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2020-26310

Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial o…

CVSS: 8.7 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2020-26309

Validate.js provides a declarative way of validating javascript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service…

CVSS: 8.7 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD