Total
3124 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27567 | 1 Openbsd | 1 Openbsd | 2025-03-06 | 7.5 High |
| In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | ||||
| CVE-2023-3108 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-03-06 | 6.2 Medium |
| A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system. | ||||
| CVE-2024-56584 | 2025-03-06 | 5.5 Medium | ||
| In the Linux kernel, the following vulnerability has been resolved: io_uring/tctx: work around xa_store() allocation error issue syzbot triggered the following WARN_ON: WARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51 which is the WARN_ON_ONCE(!xa_empty(&tctx->xa)); sanity check in __io_uring_free() when a io_uring_task is going through its final put. The syzbot test case includes injecting memory allocation failures, and it very much looks like xa_store() can fail one of its memory allocations and end up with ->head being non-NULL even though no entries exist in the xarray. Until this issue gets sorted out, work around it by attempting to iterate entries in our xarray, and WARN_ON_ONCE() if one is found. | ||||
| CVE-2023-26601 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-03-06 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | ||||
| CVE-2024-40931 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-03-06 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the retransmit after fallback and before processing any other incoming packet - so that snd_una is still left uninitialized. Address the issue explicitly initializing snd_una together with snd_nxt and write_seq. | ||||
| CVE-2025-27669 | 2025-03-05 | 7.5 High | ||
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Network Scanning (XSPA)/DoS OVE-20230524-0013. | ||||
| CVE-2024-53458 | 2025-03-05 | 7.5 High | ||
| Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing specially crafted SSH packets. | ||||
| CVE-2023-26470 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 5.7 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). Most of the time this will fill the memory allocated to XWiki and make it unusable every time this document is manipulated. This issue has been patched in XWiki 14.0-rc-1. | ||||
| CVE-2023-2778 | 1 Rockwellautomation | 1 Factorytalk Transaction Manager | 2025-03-05 | 7.5 High |
| A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS. | ||||
| CVE-2023-26597 | 1 Honeywell | 2 C300, C300 Firmware | 2025-03-05 | 7.5 High |
| Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2023-30769 | 1 Dogecoin | 1 Dogecoin | 2025-03-03 | 9.1 Critical |
| Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes. | ||||
| CVE-2025-27421 | 2025-03-03 | 7.5 High | ||
| Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely. This vulnerability is fixed in 1.4.0. | ||||
| CVE-2023-5685 | 1 Redhat | 12 Apache-camel-spring-boot, Build Keycloak, Camel Spring Boot and 9 more | 2025-03-03 | 7.5 High |
| A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). | ||||
| CVE-2023-1072 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details. | ||||
| CVE-2023-24860 | 1 Microsoft | 1 Malware Protection Engine | 2025-02-28 | 7.5 High |
| Microsoft Defender Denial of Service Vulnerability | ||||
| CVE-2023-20911 | 1 Google | 1 Android | 2025-02-28 | 7.8 High |
| In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498 | ||||
| CVE-2023-20910 | 1 Google | 1 Android | 2025-02-28 | 5.5 Medium |
| In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-29331 | 2 Microsoft, Redhat | 17 .net, .net Framework, Windows 10 1507 and 14 more | 2025-02-28 | 7.5 High |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2023-29333 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | 3.3 Low |
| Microsoft Access Denial of Service Vulnerability | ||||
| CVE-2023-23396 | 1 Microsoft | 2 Office Online Server, Office Web Apps Server | 2025-02-28 | 6.5 Medium |
| Microsoft Excel Denial of Service Vulnerability | ||||