Medium
CVE-2024-33431
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.
Tag: Denial of Service (DoS)
All CVEs associated with "Denial of Service (DoS)". Page 48/331 • 39661 CVEs.
Subscribe CVEs: RSS for “Denial of Service (DoS)” · RSS (High+Critical only)
About “Denial of Service (DoS)”
A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39661 CVEs for this tag (all time). In the last 365 days, 3229 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-05-01
High
CVE-2024-25355
s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component.
Medium
CVE-2024-33518
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the abi…
Medium
CVE-2024-33517
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the abi…
Medium
CVE-2024-33516
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the a…
Medium
CVE-2024-33515
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to i…
Medium
CVE-2024-33514
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to i…
Medium
CVE-2024-33513
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to i…
High
CVE-2024-25015
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 28…
High
CVE-2024-20376
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.…
Medium
CVE-2024-24978
Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receiving a specially crafted request by a remote attacker or having a user of TvRock click a specially crafted request may lead to ABEN…
High
CVE-2024-32018
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compil…
Critical
CVE-2024-32017
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()…
High
CVE-2024-31225
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a s…
2024-04-30
High
CVE-2024-34088
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL v…
High
CVE-2024-4340
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
Medium
CVE-2023-50915
An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an N…
2024-04-29
Medium
CVE-2023-50433
marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug th…
Medium
CVE-2023-50432
simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes free_packet in dhcp_packet.c to…
High
CVE-2023-46960
Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacker to cause a denial of service via the handle function in the tftp module.
High
CVE-2023-46566
Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory c…
Medium
CVE-2023-31889
An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request.
High
CVE-2023-46565
Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.
Medium
CVE-2024-33345
D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted…
High
CVE-2024-32269
An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet.
Low
CVE-2024-32268
An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component.
High
CVE-2024-2757
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS att…
High
CVE-2024-33899
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.
2024-04-27
Medium
CVE-2024-4292
A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. T…
2024-04-26
High
CVE-2024-32878
Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will…
Low
CVE-2024-22091
Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive…
High
CVE-2024-4056
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.
Medium
CVE-2024-33667
An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properl…
Medium
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT…
2024-04-25
Medium
CVE-2024-1726
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed…
Medium
CVE-2024-25026
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request.…
High
CVE-2024-2829
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1.…
High
CVE-2024-2434
An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and rest…
High
CVE-2024-25583
A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use…
High
CVE-2024-4173
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.
Medium
CVE-2023-6237
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experie…
2024-04-24
High
CVE-2024-20313
A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a de…
High
CVE-2024-20353
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote att…
2024-04-23
Medium
CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakn…
High
CVE-2024-31077
Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any inform…
Medium
CVE-2024-28890
Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessi…
Medium
CVE-2024-1241
Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver.
2024-04-22
Medium
CVE-2024-31036
A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.
High
CVE-2024-32368
Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component.
Medium
CVE-2024-22815
An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands.
High
CVE-2024-22811
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC rou…
High
CVE-2024-22808
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC rou…
Medium
CVE-2024-30799
An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function.
2024-04-19
Medium
CVE-2024-31994
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If i…
Low
CVE-2023-51792
Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.
Medium
CVE-2023-27279
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
High
CVE-2024-22640
TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
Medium
CVE-2023-49275
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients…
High
CVE-2024-31744
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specif…
High
CVE-2024-27984
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service.
Medium
CVE-2024-27978
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
Medium
CVE-2024-24991
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
High
CVE-2024-23532
An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain condition…
High
CVE-2024-23531
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare condi…
2024-04-18
High
CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue…
2024-04-17
Medium
CVE-2024-31585
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a…
High
CVE-2024-31582
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause und…
Medium
CVE-2024-31580
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (…
High
CVE-2024-31041
Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.
Low
CVE-2024-31040
Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.
Medium
CVE-2023-5407
Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.
Medium
CVE-2023-5398
Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioni…
High
CVE-2023-46060
A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component.
High
CVE-2024-26898
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is:…
2024-04-16
Low
CVE-2024-27086
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to…
Medium
CVE-2024-21120
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vuln…
Medium
CVE-2024-21119
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vuln…
Medium
CVE-2024-21118
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vuln…
Medium
CVE-2024-21117
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vuln…
Medium
CVE-2024-21106
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low pr…
Medium
CVE-2024-21102
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vuln…
Low
CVE-2024-21098
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.…
Medium
CVE-2024-21096
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnera…
High
CVE-2024-21090
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthe…
Medium
CVE-2024-21087
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploi…
Low
CVE-2024-21085
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf,…
Medium
CVE-2024-21069
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability a…
Medium
CVE-2024-21063
Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). The supported version that is affected is 9.2. Easily explo…
Medium
CVE-2024-21062
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerabi…
Medium
CVE-2024-21061
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulne…
Medium
CVE-2024-21060
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vul…
Medium
CVE-2024-21057
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high priv…
Medium
CVE-2024-21056
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged…
Medium
CVE-2024-21055
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high priv…
Medium
CVE-2024-21054
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerabi…
Medium
CVE-2024-21053
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged…
Medium
CVE-2024-21052
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged…
Medium
CVE-2024-21051
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged…
Medium
CVE-2024-21050
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged…
Medium
CVE-2024-21049
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged…
Medium
CVE-2024-21047
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows…
Medium
CVE-2024-21015
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability a…
Medium
CVE-2024-21013
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnera…
Low
CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE…
Medium
CVE-2024-21009
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerabi…
Medium
CVE-2024-21008
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnera…
Medium
CVE-2024-20998
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerabi…
Low
CVE-2024-20995
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high p…
Medium
CVE-2024-20994
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploi…
Medium
CVE-2024-20993
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabi…
High
CVE-2024-20989
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony POS). Supported versions that are affected are 19.1.0-19.5.4. Difficult to expl…
Medium
CVE-2024-30380
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which ca…
Medium
CVE-2024-30378
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to…
High
CVE-2023-51391
A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.
High
CVE-2024-3572
The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allow…
High
CVE-2024-1646
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access,…
High
CVE-2024-1569
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authe…
2024-04-15
High
CVE-2024-30656
An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.
Medium
CVE-2024-32035
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulner…
Medium
CVE-2024-30840
A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.