CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 54/331 • 39661 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39661 CVEs for this tag (all time). In the last 365 days, 3229 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-01-16
Medium

CVE-2024-0232

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malici…

CVSS: 4.7 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-52098

Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-22362

Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-01-15
Medium

CVE-2024-0565

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on…

CVSS: 6.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2023-6048

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-6915

A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing ch…

CVSS: 6.2 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-0548

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-0547

A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipula…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-0546

A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to deni…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2024-01-12
Medium

CVE-2023-6683

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-31035

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vul…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-31034

NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may l…

CVSS: 6.6 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-31033

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead…

CVSS: 6.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.

CVSS: 7.5 CWE: CWE-627 - Dynamic Variable Evaluation View on NVD
Medium

CVE-2023-31031

NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to…

CVSS: 4.2 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2023-31030

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit o…

CVSS: 9.3 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2023-31029

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted netw…

CVSS: 9.3 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2023-31024

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful ex…

CVSS: 9.0 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-31036

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the mod…

CVSS: 7.5 CWE: CWE-23 - Relative Path Traversal View on NVD
Medium

CVE-2023-28899

By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is mo…

CVSS: 4.7 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2023-49568

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted res…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-22027

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-34061

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade t…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2022-48619

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which a…

CVSS: 5.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2024-21617

An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Servi…

CVSS: 6.5 CWE: CWE-459 - Incomplete Cleanup View on NVD
High

CVE-2024-21616

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial…

CVSS: 7.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
High

CVE-2024-21614

An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attack…

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2024-21613

A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to c…

CVSS: 6.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2024-21612

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker…

CVSS: 7.5 CWE: CWE-228 - Improper Handling of Syntactically Invalid Structure View on NVD
High

CVE-2024-21611

A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based atta…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2024-21606

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a…

CVSS: 7.5 CWE: CWE-415 - Double Free View on NVD
High

CVE-2024-21604

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-21603

An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network based attacker with low privileges to cause a denial of s…

CVSS: 6.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2024-21602

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (D…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-21601

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an…

CVSS: 5.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2024-21600

An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to…

CVSS: 6.5 CWE: CWE-76 - Improper Neutralization of Equivalent Special Elements View on NVD
Medium

CVE-2024-21599

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to caus…

CVSS: 6.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2024-21596

A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial o…

CVSS: 5.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21595

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a D…

CVSS: 7.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
Medium

CVE-2024-21594

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS).…

CVSS: 5.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2024-21591

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-21587

An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connec…

CVSS: 6.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2024-21585

An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specif…

CVSS: 5.9 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2023-36842

An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to…

CVSS: 6.5 CWE: CWE-703 - Improper Check or Handling of Exceptional Conditions View on NVD
2024-01-11
Medium

CVE-2024-0419

A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-0418

A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2023-45171

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969.

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-45169

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-45175

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973.

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-45173

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971.

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
2024-01-10
Medium

CVE-2023-37934

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted…

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2023-48266

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVSS: 8.1 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-48265

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVSS: 8.1 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-48264

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVSS: 8.1 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-48263

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVSS: 8.1 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-48262

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVSS: 8.1 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2023-50120

MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a De…

CVSS: 5.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2023-49427

Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-47997

An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.

CVSS: 6.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2024-01-09
Medium

CVE-2023-47996

An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.

CVSS: 6.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-47995

Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.

CVSS: 6.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2023-47994

An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary c…

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-6476

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kuberne…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-21664

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present whil…

CVSS: 4.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-21319

Microsoft Identity Denial of service vulnerability

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-21312

.NET Framework Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-20699

Windows Hyper-V Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2024-20687

Microsoft AllJoyn API Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-20672

.NET Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-20661

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-22165

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generatio…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-22164

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not prop…

CVSS: 4.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-6129

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU pro…

CVSS: 6.5 CWE: CWE-440 - Expected Behavior Violation View on NVD
High

CVE-2024-0213

A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corru…

CVSS: 8.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Low

CVE-2023-51744

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamce…

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-49252

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacke…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2023-26999

An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.

CVSS: 9.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2024-21651

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modi…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-01-08
Medium

CVE-2023-6139

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Den…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2023-29050

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break…

CVSS: 7.6 CWE: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') View on NVD
2024-01-07
High

CVE-2023-7209

A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boaform/device_reset.cgi of the component Device…

CVSS: 7.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-0263

A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denia…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-0261

A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2024-01-06
Medium

CVE-2023-50121

Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).

CVSS: 5.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-01-05
High

CVE-2023-50991

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-01-04
High

CVE-2024-0241

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sen…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-6270

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered…

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-6992

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validat…

CVSS: 4.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-3864

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker c…

CVSS: 4.5 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
2024-01-03
High

CVE-2024-21909

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromByte…

CVSS: 7.5 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
High

CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a Stack…

CVSS: 7.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2023-52313

FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-369 - Divide By Zero View on NVD
Medium

CVE-2023-52312

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-52309

Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.

CVSS: 8.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2023-52308

FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-369 - Divide By Zero View on NVD
High

CVE-2023-52307

Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

CVSS: 8.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2023-52306

FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-369 - Divide By Zero View on NVD
Medium

CVE-2023-52305

FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-369 - Divide By Zero View on NVD
High

CVE-2023-52304

Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

CVSS: 8.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2023-52303

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-52302

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-38678

OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-38677

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-369 - Divide By Zero View on NVD
Medium

CVE-2023-38676

Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-38675

FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-369 - Divide By Zero View on NVD
Medium

CVE-2023-38674

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

CVSS: 4.7 CWE: CWE-369 - Divide By Zero View on NVD
High

CVE-2024-0211

DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-0210

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 CWE: CWE-674 - Uncontrolled Recursion View on NVD
High

CVE-2024-0209

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-0208

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 CWE: CWE-230 - Improper Handling of Missing Values View on NVD
High

CVE-2024-0207

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-42358

An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API c…

CVSS: 7.7 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-49558

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2023-49557

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-49556

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2023-49555

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-49554

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
2024-01-02
High

CVE-2023-49553

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-49552

An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-49551

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD