Total
3426 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20268 | 1 Cisco | 7 Business 150ax, Business 150ax Firmware, Business 151axm and 4 more | 2024-12-12 | 4.7 Medium |
| A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic. | ||||
| CVE-2023-32229 | 1 Bosch | 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more | 2024-12-12 | 4.9 Medium |
| Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | ||||
| CVE-2024-40841 | 1 Apple | 1 Macos | 2024-12-12 | 7.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination. | ||||
| CVE-2023-34166 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
| Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart. | ||||
| CVE-2023-31348 | 1 Amd | 2 Uprof, Uprof Tool | 2024-12-12 | 7.3 High |
| A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-2683 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-12-11 | 5.3 Medium |
| A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | ||||
| CVE-2024-44169 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2024-12-11 | 8.1 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination. | ||||
| CVE-2024-27862 | 1 Apple | 1 Macos | 2024-12-10 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled. | ||||
| CVE-2023-4418 | 1 Sick | 7 Lms500, Lms500 Firmware, Lms511 and 4 more | 2024-12-09 | 7.5 High |
| A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users. | ||||
| CVE-2021-37865 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. | ||||
| CVE-2022-1337 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.3 Medium |
| The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. | ||||
| CVE-2022-1982 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.3 Medium |
| Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. | ||||
| CVE-2022-2406 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API. | ||||
| CVE-2022-3147 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 3.1 Low |
| Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service. | ||||
| CVE-2022-3257 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 3.1 Low |
| Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. | ||||
| CVE-2023-2793 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 6.5 Medium |
| Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message. | ||||
| CVE-2023-2831 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters. | ||||
| CVE-2023-2785 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service | ||||
| CVE-2023-21176 | 1 Google | 1 Android | 2024-12-05 | 4.4 Medium |
| In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335 | ||||
| CVE-2023-2990 | 1 Globalscape | 1 Eft Server | 2024-12-04 | 7.5 High |
| Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service | ||||