CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 50/331 • 39661 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39661 CVEs for this tag (all time). In the last 365 days, 3229 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-04-02
High

CVE-2024-28226

in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input.

CVSS: 8.1 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2024-22180

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.

CVSS: 3.3 CWE: CWE-416 - Use After Free View on NVD
2024-04-01
Medium

CVE-2023-48906

Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.

CVSS: 4.3 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-21454

Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.

CVSS: 7.5 CWE: CWE-680 - Integer Overflow to Buffer Overflow View on NVD
High

CVE-2024-21453

Transient DOS while decoding message of size that exceeds the available system memory.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-21452

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.

CVSS: 7.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

CVSS: 7.5 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
High

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2024-20051

In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploi…

CVSS: 2.3 CWE: N/A View on NVD
2024-03-31
Medium

CVE-2024-22353

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerabil…

CVSS: 5.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-03-29
High

CVE-2024-29904

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2024-03-28
Medium

CVE-2024-25954

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, lead…

CVSS: 5.3 CWE: CWE-613 - Insufficient Session Expiration View on NVD
Medium

CVE-2024-25953

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability,…

CVSS: 6.0 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
Medium

CVE-2024-25952

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability,…

CVSS: 6.0 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
Medium

CVE-2024-2818

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for…

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-03-27
High

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2024-0079

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-0078

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial o…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-0077

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnera…

CVSS: 7.8 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2024-0075

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A…

CVSS: 6.1 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-0074

NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial…

CVSS: 7.1 CWE: CWE-788 - Access of Memory Location After End of Buffer View on NVD
High

CVE-2024-0073

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required.…

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2024-0071

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-2995

A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filenam…

CVSS: 5.4 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2024-20308

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected dev…

CVSS: 8.6 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-20307

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected devi…

CVSS: 6.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-20354

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition…

CVSS: 4.7 CWE: CWE-460 - Improper Cleanup on Thrown Exception View on NVD
High

CVE-2024-20314

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and sto…

CVSS: 8.6 CWE: CWE-783 - Operator Precedence Logic Error View on NVD
High

CVE-2024-20312

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial…

CVSS: 7.4 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-20311

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to rel…

CVSS: 8.6 CWE: CWE-674 - Uncontrolled Recursion View on NVD
Medium

CVE-2024-20309

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This…

CVSS: 5.6 CWE: CWE-828 - Signal Handler with Functionality that is not Asynchronous-Safe View on NVD
High

CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service…

CVSS: 7.4 CWE: CWE-459 - Incomplete Cleanup View on NVD
High

CVE-2024-20276

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerabili…

CVSS: 7.4 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2024-20271

A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-20259

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of serv…

CVSS: 8.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2024-03-26
High

CVE-2024-26577

VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-26303

Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon

CVSS: 4.9 CWE: N/A View on NVD
High

CVE-2024-2955

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 CWE: CWE-762 - Mismatched Memory Management Routines View on NVD
Medium

CVE-2024-22436

A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service.

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-1455

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML doc…

CVSS: 5.9 CWE: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') View on NVD
High

CVE-2023-47150

IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Forc…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-6175

NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-03-25
High

CVE-2023-47430

Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-25964

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of servi…

CVSS: 5.3 CWE: CWE-385 - Covert Timing Channel View on NVD
Medium

CVE-2021-47146

In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mld_newpack() mld_newpack() doesn't allow to allocate high order page, only order-0 allocation is allowed. If h…

CVSS: 5.5 CWE: N/A View on NVD
2024-03-22
High

CVE-2023-5685

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-4063

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-03-21
Medium

CVE-2024-1727

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passi…

CVSS: 6.2 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Medium

CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a hig…

CVSS: 6.8 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-28101

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability.…

CVSS: 7.5 CWE: CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) View on NVD
Medium

CVE-2024-27927

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retr…

CVSS: 6.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2024-03-20
Medium

CVE-2024-23634

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2…

CVSS: 6.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-50967

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Low

CVE-2024-28584

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images i…

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-28579

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR forma…

CVSS: 6.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-28577

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-28576

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K fo…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-28575

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K forma…

CVSS: 6.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-28574

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when read…

CVSS: 6.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-28573

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPE…

CVSS: 6.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-28572

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG…

CVSS: 6.2 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-28571

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG for…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-28570

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG form…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-28568

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF for…

CVSS: 6.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-28567

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in…

CVSS: 6.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-28565

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in P…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-28564

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images…

CVSS: 6.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-28563

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function wh…

CVSS: 5.9 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2024-03-19
High

CVE-2024-2169

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Den…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2023-50966

erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-22025

A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. Th…

CVSS: 6.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-21503

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could…

CVSS: 5.3 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2024-03-18
High

CVE-2024-21661

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-21652

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Servic…

CVSS: 9.8 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
Medium

CVE-2024-2496

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of…

CVSS: 5.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-7250

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server,…

CVSS: 5.3 CWE: CWE-183 - Permissive List of Allowed Inputs View on NVD
Medium

CVE-2024-28039

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or ca…

CVSS: 5.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2023-52159

A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2024-03-16
High

CVE-2024-28640

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2024-28639

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-03-15
Medium

CVE-2024-24827

Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since cre…

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-28854

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes,…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Critical

CVE-2024-25227

SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the t…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2024-2204

Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2024-03-14
Medium

CVE-2024-26475

An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-39368

Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS: 6.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2023-35191

Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access.

CVSS: 6.8 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-22396

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by send…

CVSS: 5.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2024-03-13
High

CVE-2024-24693

Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.

CVSS: 7.2 CWE: CWE-379 - Creation of Temporary File in Directory with Insecure Permissions View on NVD
Medium

CVE-2024-24692

Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.

CVSS: 5.3 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-0801

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.

CVSS: 7.5 CWE: CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) View on NVD
High

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-20318

A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-20266

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial o…

CVSS: 5.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-20262

A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which coul…

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for head…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue…

CVSS: 6.3 CWE: CWE-459 - Incomplete Cleanup View on NVD
High

CVE-2024-26529

An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mm…

CVSS: 7.5 CWE: N/A View on NVD
2024-03-12
High

CVE-2024-27894

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "f…

CVSS: 8.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-2182

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unpri…

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2024-26197

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-26190

Microsoft QUIC Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-26181

Windows Kernel Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-21438

Microsoft AllJoyn API Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-369 - Divide By Zero View on NVD
Medium

CVE-2024-21408

Windows Hyper-V Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-21392

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-22044

A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus…

CVSS: 7.5 CWE: CWE-912 - Hidden Functionality View on NVD
Medium

CVE-2024-26005

An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS.

CVSS: 4.8 CWE: CWE-459 - Incomplete Cleanup View on NVD
High

CVE-2024-26004

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.

CVSS: 7.5 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD
High

CVE-2024-26003

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2024-25995

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
2024-03-11
Medium

CVE-2024-2357

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connecti…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2024-27229

In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional executio…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-52494

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "is_valid_ring_…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-0047

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserial…

CVSS: 5.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2024-1441

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending…

CVSS: 5.5 CWE: CWE-193 - Off-by-one Error View on NVD
2024-03-10
Medium

CVE-2024-2363

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The ma…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2024-03-09
Medium

CVE-2024-28089

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch r…

CVSS: 5.2 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD