Total
1428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36620 | 1 Enumstringvalues Project | 1 Enumstringvalues | 2024-04-11 | N/A | 7.5 HIGH |
| A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability. | |||||
| CVE-2019-11391 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11390 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11389 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11388 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2018-16310 | 1 Technicolor | 2 Tg588v, Tg588v Firmware | 2024-04-11 | 6.1 MEDIUM | 6.5 MEDIUM |
| Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions | |||||
| CVE-2018-15907 | 1 Technicolor | 2 Tc8305c, Tc8305c Firmware | 2024-04-11 | 6.1 MEDIUM | 6.5 MEDIUM |
| Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions | |||||
| CVE-2018-15852 | 1 Technicolor | 2 Tc7200.20, Tc7200.20 Firmware | 2024-04-11 | 6.1 MEDIUM | 6.5 MEDIUM |
| Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions | |||||
| CVE-2017-7397 | 1 Backbox | 1 Backbox Linux | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions. | |||||
| CVE-2017-14988 | 1 Openexr | 1 Openexr | 2024-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid | |||||
| CVE-2013-2763 | 1 Schneider-electric | 24 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 21 more | 2024-04-11 | 5.0 MEDIUM | N/A |
| The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions. | |||||
| CVE-2011-2906 | 1 Linux | 1 Linux Kernel | 2024-04-11 | 4.7 MEDIUM | 5.5 MEDIUM |
| Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor. | |||||
| CVE-2007-0086 | 1 Apache | 1 Http Server | 2024-04-11 | 7.8 HIGH | N/A |
| The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal | |||||
| CVE-2024-3569 | 2024-04-10 | N/A | 7.5 HIGH | ||
| A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition. | |||||
| CVE-2024-26215 | 2024-04-10 | N/A | 7.5 HIGH | ||
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2024-26212 | 2024-04-10 | N/A | 7.5 HIGH | ||
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2017-6017 | 1 Schneider-electric | 30 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 27 more | 2024-04-10 | 7.8 HIGH | 7.5 HIGH |
| A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. | |||||
| CVE-2024-22164 | 1 Splunk | 1 Enterprise Security | 2024-04-10 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | |||||
| CVE-2024-30218 | 2024-04-09 | N/A | 6.5 MEDIUM | ||
| The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. | |||||
| CVE-2023-52425 | 1 Libexpat Project | 1 Libexpat | 2024-04-09 | N/A | 7.5 HIGH |
| libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | |||||