About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39664 CVEs for this tag (all time). In the last 365 days, 3231 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2023-02-16
Low

CVE-2022-35883

NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.

High

CVE-2022-35729

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

Medium

CVE-2022-31476

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.

Medium

CVE-2022-30692

Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access.

Low

CVE-2022-29523

Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access.

Medium

CVE-2022-29494

Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via net…

Medium

CVE-2022-29493

Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network a…

Medium

CVE-2021-33104

Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.

Medium

CVE-2022-36794

Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.

Medium

CVE-2022-34849

Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.

Medium

CVE-2022-30339

Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service…

High

CVE-2023-25653

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" cry…

High

CVE-2022-39954

An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version…

High

CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untru…

Medium

CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted…

High

CVE-2023-0662

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can…

2023-02-15
Low

CVE-2023-0850

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of…

Medium

CVE-2023-0848

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation lead…

High

CVE-2022-40016

Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service.

Medium

CVE-2022-45587

Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.

Medium

CVE-2022-45586

Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.

High

CVE-2023-25578

Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large…

2023-02-14
Medium

CVE-2023-21567

Visual Studio Denial of Service Vulnerability

High

CVE-2023-25577

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a s…

High

CVE-2023-21819

Windows Secure Channel Denial of Service Vulnerability

High

CVE-2023-21818

Windows Secure Channel Denial of Service Vulnerability

High

CVE-2023-21816

Windows Active Directory Domain Services API Denial of Service Vulnerability

High

CVE-2023-21813

Windows Secure Channel Denial of Service Vulnerability

High

CVE-2023-21811

Windows iSCSI Service Denial of Service Vulnerability

Medium

CVE-2023-21722

.NET Framework Denial of Service Vulnerability

High

CVE-2023-21702

Windows iSCSI Service Denial of Service Vulnerability

High

CVE-2023-21701

Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability

High

CVE-2023-21700

Windows iSCSI Discovery Service Denial of Service Vulnerability

High

CVE-2023-25565

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service…

Medium

CVE-2023-25564

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outl…

Medium

CVE-2023-25563

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of ser…

High

CVE-2023-25576

@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in whi…

Critical

CVE-2023-24482

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.…

2023-02-13
Medium

CVE-2023-0518

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It…

Medium

CVE-2022-3759

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An…

2023-02-12
Medium

CVE-2022-47452

In gnss driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47451

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47371

In bt driver, there is a thread competition that leads to early release of resources to be accessed. This could lead to local denial of service in kernel.

Medium

CVE-2022-47370

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47369

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47368

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47366

In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47365

In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47364

In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47363

In wlan driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47360

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Medium

CVE-2022-47359

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Medium

CVE-2022-47358

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Medium

CVE-2022-47357

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Medium

CVE-2022-47356

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Medium

CVE-2022-47355

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Medium

CVE-2022-47354

In log service, there is a missing permission check. This could lead to local denial of service in log service.

Medium

CVE-2022-47348

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

Medium

CVE-2022-47347

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

Medium

CVE-2022-47346

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

Medium

CVE-2022-47345

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

Medium

CVE-2022-47344

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

Medium

CVE-2022-47343

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

Medium

CVE-2022-47342

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

Medium

CVE-2022-47331

In wlan driver, there is a race condition. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47323

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-47322

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44448

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44447

In wlan driver, there is a possible null pointer dereference issue due to a missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-43869

IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to caus…

High

CVE-2022-43779

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial…

Medium

CVE-2022-42783

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-42292

NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges t…

High

CVE-2022-40513

Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.

High

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

High

CVE-2022-40502

Transient DOS due to improper input validation in WLAN Host.

Medium

CVE-2022-38686

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-38681

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-38680

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-38675

In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Medium

CVE-2022-38674

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

High

CVE-2022-34146

Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.

High

CVE-2022-34145

Transient DOS due to buffer over-read in WLAN Host while parsing frame information.

High

CVE-2022-33306

Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.

High

CVE-2022-25735

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

High

CVE-2022-25734

Denial of service in modem due to missing null check while processing IP packets with padding

High

CVE-2022-25733

Denial of service in modem due to null pointer dereference while processing DNS packets

2023-02-11
Medium

CVE-2022-34404

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, l…

2023-02-10
Low

CVE-2022-34377

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerabi…

Low

CVE-2022-34376

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI…

2023-02-09
High

CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time.…

High

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a sta…

High

CVE-2023-22795

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expressi…

High

CVE-2023-22792

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause…

High

CVE-2022-44572

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boun…

High

CVE-2022-44571

There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cau…

High

CVE-2022-44570

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount o…

High

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connectio…

2023-02-08
Medium

CVE-2023-25167

Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the…

Medium

CVE-2023-25166

formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should…

High

CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL…

High

CVE-2023-0217

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an applica…

High

CVE-2023-0216

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the de…

High

CVE-2022-4450

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out",…

High

CVE-2022-43763

Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.

Medium

CVE-2022-45192

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.

Medium

CVE-2022-45191

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.

Medium

CVE-2022-40480

Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet.

2023-02-07
High

CVE-2022-46285

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of S…

High

CVE-2022-40224

A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service.…

Medium

CVE-2022-43756

An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying spec…

Medium

CVE-2022-45854

An improper check for unusual conditions in Zyxel NWA110AX firmware versions prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted…

Medium

CVE-2022-45441

A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a…

Medium

CVE-2023-24808

PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run a…

2023-02-06
High

CVE-2022-44617

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of…

Medium

CVE-2022-44267

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Medium

CVE-2022-42950

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memor…

High

CVE-2022-32663

In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not…

2023-02-03
Medium

CVE-2023-23082

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.

High

CVE-2023-23925

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular exp…