CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 85/331 • 39665 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39665 CVEs for this tag (all time). In the last 365 days, 3232 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-05-26
Medium

CVE-2021-42692

There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.

CVSS: 6.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-05-25
Medium

CVE-2022-31624

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly,…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
Medium

CVE-2022-31623

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_thread…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
Medium

CVE-2022-31622

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_wor…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
Medium

CVE-2022-31621

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
Medium

CVE-2022-31620

In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded los…

CVSS: 6.5 CWE: CWE-617 - Reachable Assertion View on NVD
High

CVE-2022-26026

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2022-28875

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2022-29358

epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craft…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2022-05-24
High

CVE-2021-42613

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2021-3629

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat fr…

CVSS: 5.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2021-3597

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availabil…

CVSS: 5.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-29377

Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-05-20
High

CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass…

CVSS: 7.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-29205

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2022-29204

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29203

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwr…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2022-29202

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. T…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29200

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input argume…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29199

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input ar…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29198

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29197

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29196

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the inp…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29195

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments.…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29193

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input argu…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29194

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29192

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate th…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-29191

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arg…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-21195

All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash.

CVSS: 5.3 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
Critical

CVE-2022-29873

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attack…

CVSS: 9.8 CWE: CWE-141 - Improper Neutralization of Parameter/Argument Delimiters View on NVD
High

CVE-2022-29872

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the devi…

CVSS: 8.8 CWE: CWE-141 - Improper Neutralization of Parameter/Argument Delimiters View on NVD
Medium

CVE-2022-29031

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2022-29030

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono…

CVSS: 5.5 CWE: CWE-680 - Integer Overflow to Buffer Overflow View on NVD
Medium

CVE-2022-29029

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2022-29028

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff…

CVSS: 5.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Critical

CVE-2022-29023

A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a craf…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Critical

CVE-2022-29022

A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Critical

CVE-2022-29021

A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafte…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2022-27640

A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast re…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2022-28965

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Ser…

CVSS: 6.5 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-28964

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.

CVSS: 7.1 CWE: CWE-426 - Untrusted Search Path View on NVD
2022-05-19
High

CVE-2020-4107

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges,…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-28946

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range me…

CVSS: 7.5 CWE: N/A View on NVD
2022-05-18
Medium

CVE-2022-25162

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsu…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-25161

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsu…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-1110

A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2022-30065

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-29643

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attac…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-29642

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows atta…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-29641

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnera…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-29640

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allow…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-29638

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows atta…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-05-17
Medium

CVE-2022-28192

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry…

CVSS: 4.1 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-28191

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denia…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2022-28190

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-28188

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or in…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-28187

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime h…

CVSS: 5.5 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
Medium

CVE-2022-28186

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or in…

CVSS: 6.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-28185

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and…

CVSS: 6.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-28184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator…

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-28183

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of serv…

CVSS: 7.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-28182

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write throu…

CVSS: 8.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-28181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a special…

CVSS: 8.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-24611

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wav…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-22482

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial…

CVSS: 6.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2021-38872

IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple req…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2020-4994

IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 1…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2022-24108

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-05-16
Medium

CVE-2022-30126

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. Th…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-1728

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine use…

CVSS: 6.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2022-0573

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-05-15
High

CVE-2022-28936

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message pa…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2022-05-13
High

CVE-2021-22275

Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.

CVSS: 8.6 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2022-05-12
High

CVE-2021-27771

User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users ho…

CVSS: 8.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a Multipar…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2021-26368

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting i…

CVSS: 4.4 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
Medium

CVE-2021-26351

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-21147

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termin…

CVSS: 5.5 CWE: CWE-823 - Use of Out-of-range Pointer Offset View on NVD
Medium

CVE-2022-21136

Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-33135

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2021-33078

Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2021-33075

Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local acce…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2021-33069

Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable deni…

CVSS: 5.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2022-1698

Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not abl…

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2022-1674

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allow…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2022-29885

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2022-05-11
High

CVE-2022-30040

Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/gofor…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2021-42646

XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Man…

CVSS: 9.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2021-36614

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer derefer…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2021-36613

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Critical

CVE-2021-34085

Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have…

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-26388

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2021-26378

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2021-26376

Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-26375

Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-26373

Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-26372

Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2021-26364

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potentia…

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2021-26350

A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.

CVSS: 4.7 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2021-26347

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential…

CVSS: 4.7 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
Medium

CVE-2021-26339

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-3611

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of servic…

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2021-34605

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vul…

CVSS: 7.3 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2021-3254

Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.

CVSS: 7.5 CWE: N/A View on NVD
2022-05-10
Low

CVE-2022-30130

.NET Framework Denial of Service Vulnerability

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2022-29145

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2022-29121

Windows WLAN AutoConfig Service Denial of Service Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-29117

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2022-23267

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-22713

Windows Hyper-V Denial of Service Vulnerability

CVSS: 5.6 CWE: N/A View on NVD
Medium

CVE-2021-39670

In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges nee…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2021-26352

Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2022-24040

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All v…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2022-05-09
High

CVE-2022-23704

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-O…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-30524

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example)…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-05-08
High

CVE-2022-1620

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allow…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2022-05-06
High

CVE-2022-25324

All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regar…

CVSS: 7.5 CWE: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') View on NVD
High

CVE-2022-28973

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-28972

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Servic…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD