Filtered by CWE-770
Total 1086 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-52913 1 Bitcoin 1 Bitcoin Core 2024-11-18 5.3 Medium
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.
CVE-2021-1285 2024-11-18 N/A
Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly. Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2024-52915 1 Bitcoin 1 Bitcoin Core 2024-11-18 7.5 High
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
CVE-2024-52916 1 Bitcoin 1 Bitcoin Core 2024-11-18 7.5 High
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
CVE-2024-52914 1 Bitcoin 1 Bitcoin Core 2024-11-18 7.5 High
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
CVE-2024-52917 1 Bitcoin 1 Bitcoin Core 2024-11-18 6.5 Medium
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
CVE-2024-52920 1 Bitcoin 1 Bitcoin Core 2024-11-18 7.5 High
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.
CVE-2024-52918 1 Bitcoin 1 Bitcoin Core 2024-11-18 6.5 Medium
Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.
CVE-2024-4311 1 Zenmlio 1 Zenml 2024-11-18 5.4 Medium
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.
CVE-2024-7807 1 Gaizhenbiao 2 Chuanhuchatgpt, Gaizhenbiao/chuanhuchatgpt 2024-11-14 7.5 High
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DoS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.
CVE-2024-48989 1 Boschrexrothag 1 Indradrive Fwa Indrv Mp 2024-11-13 7.5 High
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.
CVE-2024-21994 2024-11-12 4.3 Medium
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash.
CVE-2024-6762 1 Eclipse 1 Jetty 2024-11-09 3.1 Low
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
CVE-2024-8184 2 Eclipse, Redhat 3 Jetty, Amq Streams, Rhboac Hawtio 2024-11-09 5.9 Medium
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
CVE-2024-51428 1 Expressif 1 Esp Idf 2024-11-08 7.5 High
An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet.
CVE-2024-51557 1 63moons 2 Aero, Wave 2.0 2024-11-08 6.5 Medium
This vulnerability exists in Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to OTP bombing/flooding on the targeted system.
CVE-2024-31880 4 Ibm, Linux, Microsoft and 1 more 4 Db2, Linux Kernel, Windows and 1 more 2024-11-06 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
CVE-2024-48809 2 Aetherproject, Onosproject 3 Onos-a1t, Sdran-in-a-box, Sdran-in-a-box 2024-11-06 7.5 High
An issue in Open Networking Foundation's sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function.
CVE-2024-49767 1 Palletsprojects 2 Quart, Werkzeug 2024-11-05 7.5 High
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
CVE-2024-10599 2 Tongda, Tongda2000 2 Oa 2017, Office Anywhere 2024-11-04 5.3 Medium
A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.