Filtered by vendor
Subscriptions
Total
1086 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-52913 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 5.3 Medium |
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. | ||||
CVE-2021-1285 | 2024-11-18 | N/A | ||
Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
CVE-2024-52915 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High |
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. | ||||
CVE-2024-52916 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High |
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. | ||||
CVE-2024-52914 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High |
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. | ||||
CVE-2024-52917 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 6.5 Medium |
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. | ||||
CVE-2024-52920 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High |
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. | ||||
CVE-2024-52918 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 6.5 Medium |
Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file. | ||||
CVE-2024-4311 | 1 Zenmlio | 1 Zenml | 2024-11-18 | 5.4 Medium |
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account. | ||||
CVE-2024-7807 | 1 Gaizhenbiao | 2 Chuanhuchatgpt, Gaizhenbiao\/chuanhuchatgpt | 2024-11-14 | 7.5 High |
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity. | ||||
CVE-2024-48989 | 1 Boschrexrothag | 1 Indradrive Fwa Indrv Mp | 2024-11-13 | 7.5 High |
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages. | ||||
CVE-2024-21994 | 2024-11-12 | 4.3 Medium | ||
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash. | ||||
CVE-2024-6762 | 1 Eclipse | 1 Jetty | 2024-11-09 | 3.1 Low |
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. | ||||
CVE-2024-8184 | 2 Eclipse, Redhat | 3 Jetty, Amq Streams, Rhboac Hawtio | 2024-11-09 | 5.9 Medium |
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. | ||||
CVE-2024-51428 | 1 Expressif | 1 Esp Idf | 2024-11-08 | 7.5 High |
An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet. | ||||
CVE-2024-51557 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-08 | 6.5 Medium |
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system. | ||||
CVE-2024-31880 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-06 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | ||||
CVE-2024-48809 | 2 Aetherproject, Onosproject | 3 Onos-a1t, Sdran-in-a-box, Sdran-in-a-box | 2024-11-06 | 7.5 High |
An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function. | ||||
CVE-2024-49767 | 1 Palletsprojects | 2 Quart, Werkzeug | 2024-11-05 | 7.5 High |
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. | ||||
CVE-2024-10599 | 2 Tongda, Tongda2000 | 2 Oa 2017, Office Anywhere | 2024-11-04 | 5.3 Medium |
A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |