CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 46/331 • 39661 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39661 CVEs for this tag (all time). In the last 365 days, 3229 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-06-12
Medium

CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of…

CVSS: 4.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-36856

RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. An attacker can exhaust system memory and crash the daemon by establishing and maintaining a v…

CVSS: 7.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2024-06-11
Medium

CVE-2024-34406

Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link.

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2024-35252

Azure Storage Movement Client Library Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-1104 - Use of Unmaintained Third Party Components View on NVD
High

CVE-2024-30083

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-30070

DHCP Server Service Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2024-30065

Windows Themes Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2024-37294

Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users sh…

CVSS: 5.5 CWE: CWE-270 - Privilege Context Switching Error View on NVD
High

CVE-2024-2011

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outsi…

CVSS: 8.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-35292

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU S…

CVSS: 8.2 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
Medium

CVE-2023-50763

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543…

CVSS: 4.9 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2024-31402

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS)…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-31397

Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able…

CVSS: 4.9 CWE: CWE-231 - Improper Handling of Extra Values View on NVD
High

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it.…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long r…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-06-10
Medium

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions c…

CVSS: 5.3 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service b…

CVSS: 8.6 CWE: CWE-779 - Logging of Excessive Data View on NVD
2024-06-09
Medium

CVE-2024-37535

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.

CVSS: 4.4 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-06-07
Critical

CVE-2024-37388

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted…

CVSS: 9.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2024-36827

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via cr…

CVSS: 7.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2024-06-06
High

CVE-2023-51847

An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-5552

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely e…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2024-5225

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elem…

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2024-3429

A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This…

CVSS: 9.8 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
Medium

CVE-2024-3153

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authentic…

CVSS: 5.4 CWE: CWE-475 - Undefined Behavior for Input to API View on NVD
High

CVE-2024-36740

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size.

CVSS: 7.5 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2024-36734

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-36732

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-36730

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.

CVSS: 7.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2024-2965

A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sit…

CVSS: 4.7 CWE: CWE-674 - Uncontrolled Recursion View on NVD
High

CVE-2024-2288

A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting version…

CVSS: 8.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Critical

CVE-2024-1873

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allow…

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-3104

A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environme…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.

CVSS: 7.5 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2024-36737

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-2914

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to…

CVSS: 8.8 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
High

CVE-2024-36742

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-33655

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses ar…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-06-05
Low

CVE-2023-50803

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 13…

CVSS: 3.7 CWE: N/A View on NVD
2024-06-04
High

CVE-2024-29170

Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability,…

CVSS: 8.1 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2024-5000

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

CVSS: 7.5 CWE: CWE-131 - Incorrect Calculation of Buffer Size View on NVD
High

CVE-2023-5751

A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.

CVSS: 7.8 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2024-5422

An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects…

CVSS: 7.1 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-06-03
High

CVE-2024-36128

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory is…

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2024-21478

transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA.

CVSS: 6.2 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
Medium

CVE-2024-20068

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed…

CVSS: 5.9 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-20067

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is n…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-20066

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2024-06-02
High

CVE-2024-36390

MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2024-06-01
High

CVE-2024-4148

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2024-05-31
High

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse…

CVSS: 8.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-36845

An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

CVSS: 4.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-36844

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2024-31030

An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet.

CVSS: 9.1 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-22059

A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2024-5436

Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.

CVSS: 9.8 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
2024-05-30
High

CVE-2024-35428

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS.

CVSS: 7.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 devi…

CVSS: 4.4 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2024-05-29
Medium

CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specifi…

CVSS: 4.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-35492

Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a c…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-35434

Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) v…

CVSS: 7.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-35512

hmq v1.5.5 is vulnerable to Denial of Service (DoS) due to a Null Pointer Exception. A remote attacker can trigger a broker crash by sending a specially crafted MQTT UNSUBSCRIBE packet with an illega…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2024-35333

A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack b…

CVSS: 8.4 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, l…

CVSS: 7.6 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
Medium

CVE-2024-36378

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

CVSS: 5.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-05-28
Medium

CVE-2023-30314

An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2023-30312

An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server…

CVSS: 7.3 CWE: CWE-203 - Observable Discrepancy View on NVD
High

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.

CVSS: 7.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2023-30313

An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of service.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-30310

An issue discovered in Comfast Comfast CF-616AC routers allows attackers to hijack TCP sessions which could lead to a denial of service.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2023-30309

An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

CVSS: 5.7 CWE: N/A View on NVD
Medium

CVE-2023-30308

An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of service.

CVSS: 6.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2023-30307

An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows attackers to hijack TCP sessions which…

CVSS: 5.3 CWE: CWE-384 - Session Fixation View on NVD
Medium

CVE-2023-30306

An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of service.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2023-43850

Improper input validation in the user management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to cause a partial DoS of web interface via HTTP POST r…

CVSS: 6.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
Medium

CVE-2023-43849

Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-30311

An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-30305

An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2024-24947

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to den…

CVSS: 8.2 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-24946

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to den…

CVSS: 8.2 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-3657

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-2199

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

CVSS: 5.7 CWE: CWE-20 - Improper Input Validation View on NVD
2024-05-27
Medium

CVE-2024-35238

Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash t…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-27310

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.

CVSS: 5.3 CWE: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') View on NVD
High

CVE-2024-35231

rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that…

CVSS: 8.6 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-05-26
Medium

CVE-2024-36055

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8,…

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2024-05-24
Medium

CVE-2023-46442

An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS).

CVSS: 4.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-33809

PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks.

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-05-23
Medium

CVE-2024-1947

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an…

CVSS: 4.3 CWE: CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) View on NVD
Medium

CVE-2023-6502

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to…

CVSS: 4.3 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2024-05-22
Medium

CVE-2024-31904

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IB…

CVSS: 6.5 CWE: CWE-248 - Uncaught Exception View on NVD
2024-05-21
High

CVE-2024-22273

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may ex…

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-35386

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2024-35385

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-35384

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-4420

There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input th…

CVSS: 7.5 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
Medium

CVE-2024-0816

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI comman…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by s…

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-05-20
Medium

CVE-2024-35194

Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created…

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-31714

Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP connections.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2024-34953

An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-34952

taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of…

CVSS: 5.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Critical

CVE-2024-4323

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, info…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2024-05-19
Medium

CVE-2024-4284

A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's `id` attribute to a value of 0. This issue affects the current versio…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-35889

In the Linux kernel, the following vulnerability has been resolved: idpf: fix kernel panic on unknown packet types In the very rare case where a packet type is unknown to the driver, idpf_rx_proces…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2024-5095

A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of servic…

CVSS: 6.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2024-05-18
High

CVE-2024-31879

IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-…

CVSS: 7.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2024-23556

SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.

CVSS: 5.9 CWE: N/A View on NVD
2024-05-17
High

CVE-2024-5052

Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of inco…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-05-16
Medium

CVE-2024-22390

Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service.

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-22015

Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-48368

Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-47859

Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-47210

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS: 4.7 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2023-47169

Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 3.3 CWE: CWE-92 View on NVD