Total: 1086 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43083 | 1 Google | 1 Android | 2024-12-17 | 6.2 Medium |
In validate of WifiConfigurationUtil.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-31314 | 1 Google | 1 Android | 2024-12-17 | 6.2 Medium |
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-30903 | 1 Hp | 1 Hp-ux | 2024-12-17 | 5.5 Medium |
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. | ||||
CVE-2022-34357 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-12-17 | 6.5 Medium |
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510. | ||||
CVE-2024-0026 | 1 Google | 1 Android | 2024-12-17 | 5.5 Medium |
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-0027 | 1 Google | 1 Android | 2024-12-17 | 5.9 Medium |
In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-2874 | 1 Gitlab | 1 Gitlab | 2024-12-16 | 6.5 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources. | ||||
CVE-2024-1953 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.3 Medium |
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request. | ||||
CVE-2024-28053 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 3.1 Low |
Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server. | ||||
CVE-2024-2446 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.3 Medium |
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages. | ||||
CVE-2024-6826 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 6.5 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a maliciously crafted XML manifest file. | ||||
CVE-2024-4539 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service. | ||||
CVE-2024-28949 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.3 Medium |
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service. | ||||
CVE-2022-48498 | 1 Huawei | 1 Emui | 2024-12-13 | 7.5 High |
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-2454 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request. | ||||
CVE-2024-9367 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.3 Medium |
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. | ||||
CVE-2024-27804 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-12 | 5.5 Medium |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2023-34166 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitation of this vulnerability may cause the system to restart. | ||||
CVE-2023-34455 | 2 Redhat, Xerial | 7 Amq Broker, Amq Streams, Camel K and 4 more | 2024-12-12 | 7.5 High |
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the file SnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk. In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error. Version 1.1.10.1 contains a patch for this issue. | ||||
CVE-2024-2818 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 4.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels. |