About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39664 CVEs for this tag (all time). In the last 365 days, 3231 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key: verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2023-01-13
Medium

CVE-2023-22404

An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to…

High

CVE-2023-22403

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a De…

Medium

CVE-2023-22402

A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) sce…

High

CVE-2023-22401

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-ba…

High

CVE-2023-22400

An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC cr…

High

CVE-2023-22399

When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to c…

Medium

CVE-2023-22398

An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to…

Medium

CVE-2023-22397

An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an…

High

CVE-2023-22396

An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packe…

Medium

CVE-2023-22395

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MP…

High

CVE-2023-22394

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak le…

High

CVE-2023-22393

An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RP…

High

CVE-2023-22391

A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS)…

2023-01-12
High

CVE-2022-42273

NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

High

CVE-2022-42272

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.

Medium

CVE-2023-23457

A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of…

Medium

CVE-2023-23456

A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.

High

CVE-2022-4743

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability…

Medium

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI li…

Medium

CVE-2023-23455

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_S…

Medium

CVE-2023-23454

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can somet…

Medium

CVE-2022-4345

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allow denial of service via packet injection or crafted capture file

Medium

CVE-2022-4131

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An…

Medium

CVE-2022-3613

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus S…

Medium

CVE-2022-3514

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An a…

Medium

CVE-2022-4344

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file

2023-01-11
Critical

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. Th…

Medium

CVE-2022-34335

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.

Medium

CVE-2023-20532

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.

High

CVE-2023-20531

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.

High

CVE-2023-20530

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

High

CVE-2023-20529

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.

Medium

CVE-2023-20525

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.

Medium

CVE-2023-20523

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.

High

CVE-2023-20522

Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.

Medium

CVE-2021-46795

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of…

Medium

CVE-2021-46791

Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) u…

Medium

CVE-2021-46768

Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service.

Medium

CVE-2021-46767

Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.

Medium

CVE-2021-26346

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential…

High

CVE-2022-42271

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution

High

CVE-2022-43393

An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker t…

Medium

CVE-2022-43392

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditio…

Medium

CVE-2022-43391

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) con…

High

CVE-2022-43389

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cau…

2023-01-10
High

CVE-2023-21758

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

High

CVE-2023-21757

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

High

CVE-2023-21728

Windows Netlogon Denial of Service Vulnerability

High

CVE-2023-21683

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

High

CVE-2023-21677

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

High

CVE-2023-21557

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

High

CVE-2023-21547

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

High

CVE-2023-21538

.NET Denial of Service Vulnerability

High

CVE-2023-21527

Windows iSCSI Service Denial of Service Vulnerability

Medium

CVE-2023-21525

Remote Procedure Call Runtime Denial of Service Vulnerability

High

CVE-2022-46449

An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input.

High

CVE-2022-38393

A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network pac…

Medium

CVE-2022-4429

Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version…

Medium

CVE-2023-22909

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because da…

Medium

CVE-2023-22898

workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).

High

CVE-2023-22895

The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crate…

2023-01-09
Medium

CVE-2022-36925

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was ge…

Medium

CVE-2023-22477

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This is…

High

CVE-2022-33299

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

High

CVE-2022-33290

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

High

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

High

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

High

CVE-2022-33253

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

Medium

CVE-2022-25725

Denial of service in MODEM due to improper pointer handling

Medium

CVE-2022-22079

Denial of service while processing fastboot flash command on mmc due to buffer over read

2023-01-08
Medium

CVE-2014-125066

A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The atta…

2023-01-07
Low

CVE-2015-10025

A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the co…

2023-01-06
Medium

CVE-2022-47974

The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Bluetooth process to restart.

2023-01-05
Medium

CVE-2022-23548

Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible…

2023-01-04
High

CVE-2023-22467

Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822()` has q…

Medium

CVE-2022-44446

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44445

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44444

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44443

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44442

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44441

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44440

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44439

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44438

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44437

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44436

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44435

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44434

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44432

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44431

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44430

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44429

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44428

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44427

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44426

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44425

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44424

In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44423

In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44422

In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-39118

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Medium

CVE-2022-39116

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Medium

CVE-2022-39104

In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.

Medium

CVE-2022-38684

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-38683

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-38682

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-38678

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

2023-01-03
Medium

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An att…

2023-01-01
High

CVE-2023-22551

The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to cause a denial of service (memory consumption) by engaging in client activity, such…

Medium

CVE-2023-0029

A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated as problematic. This issue affects some unknown processing of the component Telnet Service. The mani…

Low

CVE-2018-25062

A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ips…

2022-12-30
High

CVE-2022-42270

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead…

High

CVE-2022-42267

NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, inf…

High

CVE-2022-42264

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data t…

High

CVE-2022-42263

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.

High

CVE-2022-42262

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering…

High

CVE-2022-42261

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering…

High

CVE-2022-42260

NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to c…

Medium

CVE-2022-42259

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.

Medium

CVE-2022-42258

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.

Medium

CVE-2022-42257

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.