Total
3426 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40593 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 6.3 Medium |
| In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon. | ||||
| CVE-2024-45736 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-02-28 | 6.5 Medium |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). | ||||
| CVE-2023-40594 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 6.5 Medium |
| In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. | ||||
| CVE-2023-38210 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2025-02-27 | 5.5 Medium |
| Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-4394 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-02-27 | 6.7 Medium |
| A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information | ||||
| CVE-2023-38251 | 1 Adobe | 2 Commerce, Magento | 2025-02-27 | 5.3 Medium |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-27097 | 1 The-guild | 1 Graphql Mesh | 2025-02-27 | 7.5 High |
| GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode. If a token is sent via variables, the following requests will act like the same token is sent even if the following requests have different tokens. This can cause a short memory leak but it won't grow per each request but per different operation until the cache evicts DocumentNode by LRU mechanism. | ||||
| CVE-2023-25618 | 1 Sap | 1 Netweaver Application Server Abap | 2025-02-27 | 6.5 Medium |
| SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information. | ||||
| CVE-2023-27270 | 1 Sap | 1 Netweaver Application Server Abap | 2025-02-27 | 6.5 Medium |
| SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information. | ||||
| CVE-2021-46877 | 2 Fasterxml, Redhat | 15 Jackson-databind, Amq Streams, Camel Spring Boot and 12 more | 2025-02-26 | 7.5 High |
| jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. | ||||
| CVE-2023-26767 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2025-02-26 | 7.5 High |
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. | ||||
| CVE-2023-26769 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2025-02-26 | 7.5 High |
| Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. | ||||
| CVE-2023-26768 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2025-02-26 | 7.5 High |
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. | ||||
| CVE-2022-45003 | 1 Getgophish | 1 Gophish | 2025-02-25 | 7.5 High |
| Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. | ||||
| CVE-2023-1580 | 1 Devolutions | 1 Devolutions Gateway | 2025-02-25 | 7.5 High |
| Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable. | ||||
| CVE-2024-34036 | 2025-02-25 | 4.3 Medium | ||
| An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp. | ||||
| CVE-2024-34035 | 2025-02-25 | 5.7 Medium | ||
| An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp. | ||||
| CVE-2023-0056 | 3 Fedoraproject, Haproxy, Redhat | 12 Extra Packages For Enterprise Linux, Fedora, Haproxy and 9 more | 2025-02-25 | 6.5 Medium |
| An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | ||||
| CVE-2023-1605 | 1 Radare | 1 Radare2 | 2025-02-25 | 7.5 High |
| Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. | ||||
| CVE-2023-20861 | 2 Redhat, Vmware | 8 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 5 more | 2025-02-25 | 6.5 Medium |
| In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | ||||