CVEs tagged with this topic.

2024-10-30
High

CVE-2024-9632

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payloa…

2024-10-23
High

CVE-2024-20495

A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker…

High

CVE-2024-20494

A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote atta…

High

CVE-2024-20408

A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote…

High

CVE-2024-20402

A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause…

High

CVE-2024-20351

A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, rem…

High

CVE-2024-20339

A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of ser…

High

CVE-2024-20330

A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, rem…

High

CVE-2024-20268

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authentic…

2024-10-14
Medium

CVE-2024-9823

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sen…

2024-10-07
High

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame.

High

CVE-2024-33049

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

2024-09-27
High

CVE-2024-9029

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of…

2024-09-02
High

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

High

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

High

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

High

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

2024-08-21
High

CVE-2024-20375

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could all…

2024-07-21
Medium

CVE-2024-38435

Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service

2024-07-17
Critical

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying ope…

High

CVE-2024-20323

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes an…

2024-07-15
Medium

CVE-2024-39827

Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.

Medium

CVE-2024-39821

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access.

Medium

CVE-2024-39820

Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.

2024-07-13
Medium

CVE-2023-39329

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

2024-07-12
Critical

CVE-2024-6396

A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises d…

2024-07-11
High

CVE-2024-6468

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiv…

High

CVE-2024-39542

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evo…

2024-07-10
Critical

CVE-2024-6037

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to un…

High

CVE-2024-5491

Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler

2024-06-27
High

CVE-2024-6090

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any f…

High

CVE-2024-6038

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.p…

High

CVE-2024-5979

In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertToo…

2024-06-25
High

CVE-2024-5216

A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to…

2024-06-13
High

CVE-2024-32924

In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution pr…

Medium

CVE-2024-32923

There is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not ne…

2024-06-12
High

CVE-2024-5211

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables…

2024-06-10
Medium

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions c…

2024-05-31
Critical

CVE-2024-5436

Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.

2024-05-28
Medium

CVE-2023-30308

An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of service.

2024-05-15
Medium

CVE-2024-20394

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability…

Medium

CVE-2023-7258

A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permissi…

2024-05-14
Low

CVE-2024-4855

Use after free issue in editcap could cause denial of service via crafted capture file

Low

CVE-2024-4853

Memory handling issue in editcap could cause denial of service via crafted capture file

Medium

CVE-2024-4067

The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` wil…

Medium

CVE-2023-38264

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to impro…

2024-05-06
High

CVE-2024-33601

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process du…

High

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

2024-05-01
Medium

CVE-2024-33518

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the abi…

Medium

CVE-2024-33517

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the abi…

Medium

CVE-2024-33516

An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the a…

Medium

CVE-2024-33515

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to i…

Medium

CVE-2024-33514

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to i…

Medium

CVE-2024-33513

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to i…

2024-04-24
High

CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote att…

2024-04-18
High

CVE-2024-20380

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue…

2024-04-16
High

CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allow…

High

CVE-2024-1646

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access,…

2024-04-09
Medium

CVE-2024-27242

Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.

2024-04-08
Low

CVE-2024-31047

An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.

2024-04-04
High

CVE-2024-28787

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of serv…

2024-04-01
High

CVE-2024-21453

Transient DOS while decoding message of size that exceeds the available system memory.

High

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

High

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

2024-03-27
Medium

CVE-2024-20307

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected devi…

Medium

CVE-2024-20354

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition…

High

CVE-2024-20314

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and sto…

High

CVE-2024-20311

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to rel…

Medium

CVE-2024-20309

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This…

High

CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service…

High

CVE-2024-20276

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerabili…

High

CVE-2024-20271

A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.…

2024-03-26
High

CVE-2024-2955

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file

Medium

CVE-2024-1455

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML doc…

High

CVE-2023-47150

IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Forc…

2024-03-21
Medium

CVE-2024-1727

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious…

2024-03-13
Medium

CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue…

2024-03-05
Medium

CVE-2024-25615

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the abi…

2024-03-04
High

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

High

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

High

CVE-2023-33095

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

High

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

2024-02-29
Medium

CVE-2024-20344

A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause…

2024-02-06
High

CVE-2023-43536

Transient DOS while parsing fils IE with length equal to 1.

High

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

High

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

Medium

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM driver.

High

CVE-2023-33057

Transient DOS in Multi-Mode Call Processor while processing UE policy container.

High

CVE-2023-33049

Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.

2024-01-27
High

CVE-2024-22861

Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.

2024-01-02
High

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

High

CVE-2023-33112

Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.

High

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

High

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

2023-12-05
High

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

High

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

High

CVE-2023-33080

Transient DOS while parsing a vendor-specific IE (Information Element) of reassociation response management frame.

High

CVE-2023-33070

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

High

CVE-2023-33044

Transient DOS in Data modem while handling TLB control messages from the Network.

High

CVE-2023-33043

Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.

High

CVE-2023-33042

Transient DOS in Modem after RRC Setup message is received.

High

CVE-2023-28588

Transient DOS in Bluetooth Host while rfc slot allocation.

2023-11-23
Medium

CVE-2023-33202

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams…

2023-11-16
High

CVE-2023-47470

Buffer Overflow vulnerability in FFmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a de…

2023-11-07
High

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit IES.

2023-10-25
High

CVE-2023-5367

An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty fu…

2023-10-03
High

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

High

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management frame.

High

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

High

CVE-2023-24843

Transient DOS in Modem while triggering a camping on a 5G cell.

2023-09-12
High

CVE-2023-28831

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation.…

2023-08-08
High

CVE-2023-39269

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDC…

2023-05-15
High

CVE-2022-47391

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use an improper input validation vulnerability to read from invalid addresses leading to a denial of service.

2022-09-13
Medium

CVE-2022-39158

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDC…

2021-12-20
High

CVE-2021-41561

Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.

2021-10-26
High

CVE-2021-34585

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an inva…

2021-05-24
Medium

CVE-2021-21000

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

2021-03-03
High

CVE-2021-27923

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempt…

High

CVE-2021-27922

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attemp…

High

CVE-2021-27921

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempte…
