ReportizFlow
Filtered by vendor
Subscriptions
Total
2892 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1876 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A |
| Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | ||||
| CVE-2002-1873 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A |
| Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. | ||||
| CVE-2002-0368 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A |
| The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." | ||||
| CVE-2001-0666 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. | ||||
| CVE-2024-45420 | 2024-11-20 | 4.3 Medium | ||
| Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access. | ||||
| CVE-2024-9409 | 1 Schneider-electric | 6 Powerlogic Pm5320, Powerlogic Pm5320 Firmware, Powerlogic Pm5340 and 3 more | 2024-11-19 | 7.5 High |
| CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. | ||||
| CVE-2024-52520 | 2024-11-18 | 5.7 Medium | ||
| Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7. | ||||
| CVE-2023-39180 | 1 Redhat | 1 Enterprise Linux | 2024-11-18 | 4 Medium |
| A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. | ||||
| CVE-2024-47535 | 1 Netty | 1 Netty | 2024-11-13 | 5.5 Medium |
| Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. | ||||
| CVE-2024-48989 | 1 Boschrexrothag | 1 Indradrive Fwa Indrv Mp | 2024-11-13 | 7.5 High |
| A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages. | ||||
| CVE-2024-10466 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-11-13 | 7.5 High |
| By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | ||||
| CVE-2024-46891 | 1 Seimens | 1 Sinec Ins | 2024-11-12 | 5.3 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition. | ||||
| CVE-2024-6762 | 1 Eclipse | 1 Jetty | 2024-11-09 | 3.1 Low |
| Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. | ||||
| CVE-2024-8184 | 2 Eclipse, Redhat | 3 Jetty, Amq Streams, Rhboac Hawtio | 2024-11-09 | 5.9 Medium |
| There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. | ||||
| CVE-2024-49767 | 1 Palletsprojects | 2 Quart, Werkzeug | 2024-11-05 | 7.5 High |
| Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. | ||||
| CVE-2024-10599 | 2 Tongda, Tongda2000 | 2 Oa 2017, Office Anywhere | 2024-11-04 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10468 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-04 | 9.8 Critical |
| Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132. | ||||
| CVE-2024-21536 | 2 Chimurai, Redhat | 4 Http-proxy-middleware, Openshift Distributed Tracing, Service Mesh and 1 more | 2024-11-01 | 7.5 High |
| Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. | ||||
| CVE-2024-50354 | 1 Consensys | 1 Gnark | 2024-11-01 | 5.5 Medium |
| gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory. | ||||
| CVE-2024-20526 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-10-31 | 5.3 Medium |
| A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM). | ||||