Filtered by CWE-770
Filtered by vendor Subscriptions
Total 1086 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43083 1 Google 1 Android 2024-12-17 6.2 Medium
In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31314 1 Google 1 Android 2024-12-17 6.2 Medium
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-30903 1 Hp 1 Hp-ux 2024-12-17 5.5 Medium
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.
CVE-2022-34357 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-12-17 6.5 Medium
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510.
CVE-2024-0026 1 Google 1 Android 2024-12-17 5.5 Medium
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0027 1 Google 1 Android 2024-12-17 5.9 Medium
In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-2874 1 Gitlab 1 Gitlab 2024-12-16 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.
CVE-2024-1953 1 Mattermost 1 Mattermost Server 2024-12-13 4.3 Medium
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.
CVE-2024-28053 1 Mattermost 1 Mattermost Server 2024-12-13 3.1 Low
Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.
CVE-2024-2446 1 Mattermost 1 Mattermost Server 2024-12-13 4.3 Medium
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.
CVE-2024-6826 1 Gitlab 1 Gitlab 2024-12-13 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file.
CVE-2024-4539 1 Gitlab 1 Gitlab 2024-12-13 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service.
CVE-2024-28949 1 Mattermost 1 Mattermost Server 2024-12-13 4.3 Medium
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.
CVE-2022-48498 1 Huawei 1 Emui 2024-12-13 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2024-2454 1 Gitlab 1 Gitlab 2024-12-12 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request.
CVE-2024-9367 1 Gitlab 1 Gitlab 2024-12-12 4.3 Medium
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs.
CVE-2024-27804 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-12-12 5.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-34166 1 Huawei 1 Emui 2024-12-12 7.5 High
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-34455 2 Redhat, Xerial 7 Amq Broker, Amq Streams, Camel K and 4 more 2024-12-12 7.5 High
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk. In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error. Version 1.1.10.1 contains a patch for this issue.
CVE-2024-2818 1 Gitlab 1 Gitlab 2024-12-11 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels.