CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 60/331 • 39664 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39664 CVEs for this tag (all time). In the last 365 days, 3231 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-09-22
High

CVE-2023-43765

Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSec…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-43761

Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Ele…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2023-43760

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSec…

CVSS: 7.5 CWE: N/A View on NVD
2023-09-21
Medium

CVE-2023-42806

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a sna…

CVSS: 6.5 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The len…

CVSS: 7.5 CWE: N/A View on NVD
2023-09-20
High

CVE-2023-37279

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2023-4853

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This is…

CVSS: 8.1 CWE: CWE-148 - Improper Neutralization of Input Leaders View on NVD
High

CVE-2022-47562

Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large q…

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Critical

CVE-2023-4088

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in in…

CVSS: 9.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2023-31015

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of pri…

CVSS: 6.6 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2023-31014

NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer compone…

CVSS: 4.2 CWE: CWE-927 - Use of Implicit Intent for Sensitive Communication View on NVD
Medium

CVE-2023-31010

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, informati…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-31009

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial…

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-25534

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service,…

CVSS: 5.7 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-25531

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial…

CVSS: 7.6 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2023-25530

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial o…

CVSS: 8.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-25528

NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted netw…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-25527

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead t…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2023-25526

NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit m…

CVSS: 6.5 CWE: CWE-248 - Uncaught Exception View on NVD
Medium

CVE-2020-24089

An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-09-19
Medium

CVE-2023-4094

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In ad…

CVSS: 6.5 CWE: CWE-1390 - Weak Authentication View on NVD
Medium

CVE-2022-47556

Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly vali…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-32649

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unau…

CVSS: 7.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
High

CVE-2023-32186

A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2023-09-18
Critical

CVE-2023-42320

Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2023-32187

An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service. This issue…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2023-41349

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN confi…

CVSS: 8.8 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2023-09-15
Medium

CVE-2023-40588

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or s…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2023-40019

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Critical

CVE-2023-36659

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2023-09-14
Medium

CVE-2023-25588

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of ser…

CVSS: 4.7 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
Medium

CVE-2023-25586

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

CVSS: 4.7 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
Medium

CVE-2023-25585

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

CVSS: 4.7 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
Critical

CVE-2023-37755

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2023-32665

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-32636

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table vali…

CVSS: 4.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-32611

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-29499

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2023-42503

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are re…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-26141

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipu…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-09-13
High

CVE-2023-4785

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant n…

CVSS: 7.5 CWE: CWE-248 - Uncaught Exception View on NVD
Medium

CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability…

CVSS: 5.3 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2023-3301

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could…

CVSS: 5.6 CWE: CWE-617 - Reachable Assertion View on NVD
Medium

CVE-2023-3255

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the…

CVSS: 6.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2023-20233

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected…

CVSS: 4.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2023-09-12
High

CVE-2023-39215

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.

CVSS: 7.1 CWE: CWE-449 - The UI Performs the Wrong Action View on NVD
Medium

CVE-2023-39208

Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-38162

DHCP Server Service Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2023-38149

Windows TCP/IP Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-36799

.NET Core and Visual Studio Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-28831

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation.…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2022-4896

Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete den…

CVSS: 8.2 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2022-48474

Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if an unrecognized compo…

CVSS: 8.2 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-09-11
Medium

CVE-2023-35677

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous l…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-39068

Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allow…

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2022-23382

Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service vulnerability through sending a crafted multicast message in a local network.

CVSS: 8.1 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-36161

An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-09-08
Medium

CVE-2023-39076

Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment…

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2023-4807

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_…

CVSS: 7.8 CWE: CWE-440 - Expected Behavior Violation View on NVD
Medium

CVE-2023-32470

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to…

CVSS: 5.0 CWE: CWE-1386 - Insecure Operation on Windows Junction / Mount Point View on NVD
High

CVE-2014-5329

GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a versio…

CVSS: 7.5 CWE: N/A View on NVD
2023-09-05
High

CVE-2023-41317

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (D…

CVSS: 7.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2021-40546

Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform…

CVSS: 4.9 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Critical

CVE-2023-40743

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dange…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-20897

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unrespon…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2023-4540

Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted…

CVSS: 7.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

CVSS: 7.5 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

CVSS: 7.5 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2023-33016

Transient DOS in WLAN firmware while parsing MLO (multi-link operation).

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-28584

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).

CVSS: 7.5 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-21667

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

CVSS: 6.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-21653

Transient DOS in Modem while processing RRC reconfiguration message.

CVSS: 7.5 CWE: CWE-617 - Reachable Assertion View on NVD
High

CVE-2023-21646

Transient DOS in Modem while processing invalid System Information Block 1.

CVSS: 7.5 CWE: CWE-617 - Reachable Assertion View on NVD
Medium

CVE-2022-43903

IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: 240894.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2023-09-04
High

CVE-2023-41055

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/…

CVSS: 7.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2023-41054

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php…

CVSS: 8.2 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2023-20847

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is n…

CVSS: 4.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-20823

In cmdq, there is a possible out of bounds read due to an incorrect status check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed fo…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-38554

In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-38468

In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVSS: 4.4 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-38467

In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVSS: 4.4 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-38463

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-38462

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-38461

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-38457

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-38448

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-38447

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-38446

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-38445

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-48453

In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVSS: 4.4 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-48452

In Ifaa service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed

CVSS: 4.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2022-47353

In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-47352

In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-09-01
High

CVE-2023-41628

An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-40968

Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Critical

CVE-2023-36328

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2023-36327

Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prim…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2023-36326

Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when cal…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-4647

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which t…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2023-3210

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authe…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
Medium

CVE-2023-3205

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authe…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2023-39685

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string.

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2023-4481

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial o…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2023-08-31
Medium

CVE-2023-39350

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_A…

CVSS: 5.9 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2023-08-30
Medium

CVE-2023-41040

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file bei…

CVSS: 4.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2023-39136

An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file.

CVSS: 5.5 CWE: CWE-703 - Improper Check or Handling of Exceptional Conditions View on NVD
Medium

CVE-2023-40594

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-40593

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a…

CVSS: 6.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-08-29
High

CVE-2023-38975

* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2023-39663

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
Medium

CVE-2023-39267

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

CVSS: 6.6 CWE: N/A View on NVD
Medium

CVE-2023-3252

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with l…

CVSS: 6.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (Do…

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2023-38802

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

CVSS: 7.5 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD
2023-08-28
High

CVE-2023-40998

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2023-40997

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2023-40781

Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.

CVSS: 6.5 CWE: CWE-787 - Out-of-bounds Write View on NVD