Export limit exceeded: 19664 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2193 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30443 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-01-31 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | ||||
| CVE-2024-41762 | 1 Ibm | 1 Db2 | 2025-01-31 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2024-41761 | 2 Ibm, Linux | 3 Db2, Linux On Ibm Z, Linux Kernel | 2025-01-31 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2023-30455 | 1 Ebankit | 1 Ebankit | 2025-01-30 | 7.5 High |
| An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users. | ||||
| CVE-2023-27556 | 1 Ibm | 1 Safer Payments | 2025-01-30 | 6.5 Medium |
| IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. | ||||
| CVE-2023-31472 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-29 | 7.5 High |
| An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. | ||||
| CVE-2023-26285 | 1 Ibm | 1 Mq Appliance | 2025-01-29 | 5.9 Medium |
| IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. | ||||
| CVE-2023-30551 | 2 Linuxfoundation, Redhat | 2 Rekor, Openshift | 2025-01-29 | 7.5 High |
| Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds. | ||||
| CVE-2024-26265 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 5 Medium |
| The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter. | ||||
| CVE-2024-36378 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 5.9 Medium |
| In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens | ||||
| CVE-2021-46760 | 1 Amd | 14 Ryzen 3945wx, Ryzen 3945wx Firmware, Ryzen 3955wx and 11 more | 2025-01-27 | 9.8 Critical |
| A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution. | ||||
| CVE-2023-28356 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | 7.5 High |
| A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive. | ||||
| CVE-2023-31914 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | 5.5 Medium |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. | ||||
| CVE-2023-21110 | 1 Google | 1 Android | 2025-01-24 | 7.8 High |
| In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365 | ||||
| CVE-2023-20930 | 1 Google | 1 Android | 2025-01-24 | 5.5 Medium |
| In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066 | ||||
| CVE-2023-2666 | 1 Froxlor | 1 Froxlor | 2025-01-24 | 7.5 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16. | ||||
| CVE-2024-23979 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-01-23 | 7.5 High |
| When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-25978 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | 7.5 High |
| Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. | ||||
| CVE-2023-33720 | 1 Mp4v2 Project | 1 Mp4v2 | 2025-01-14 | 6.5 Medium |
| mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. | ||||
| CVE-2019-9516 | 12 Apache, Apple, Canonical and 9 more | 24 Traffic Server, Mac Os X, Swiftnio and 21 more | 2025-01-14 | 6.5 Medium |
| Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. | ||||