Total
3124 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47239 | 1 Dell | 1 Powerscale Onefs | 2025-02-04 | 6.5 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2021-44228 | 13 Apache, Apple, Bentley and 10 more | 168 Log4j, Xcode, Synchro and 165 more | 2025-02-04 | 10 Critical |
| Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | ||||
| CVE-2024-50157 | 1 Linux | 1 Linux Kernel | 2025-02-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop Driver waits indefinitely for the fifo occupancy to go below a threshold as soon as the pacing interrupt is received. This can cause soft lockup on one of the processors, if the rate of DB is very high. Add a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th if the loop is taking more time. Pacing will be continuing until the occupancy is below the threshold. This is ensured by the checks in bnxt_re_pacing_timer_exp and further scheduling the work for pacing based on the fifo occupancy. | ||||
| CVE-2024-38575 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-01-31 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the physical memory has run out. As a result, if we use get_random_bytes() to generate random bytes in the randbuf, the null pointer dereference bug will happen. In order to prevent allocation failure, this patch adds a separate function using buffer on kernel stack to generate random bytes in the randbuf, which could prevent the kernel stack from overflow. | ||||
| CVE-2024-54677 | 2025-01-31 | 5.3 Medium | ||
| Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. | ||||
| CVE-2024-47554 | 1 Redhat | 1 Amq Streams | 2025-01-31 | 4.3 Medium |
| Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. | ||||
| CVE-2023-31670 | 1 Webassembly | 1 Webassembly Binary Toolkit | 2025-01-31 | 7.5 High |
| An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. | ||||
| CVE-2023-31615 | 1 Openlinksw | 1 Virtuoso | 2025-01-31 | 7.5 High |
| An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31614 | 1 Openlinksw | 1 Virtuoso | 2025-01-31 | 7.5 High |
| An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-28882 | 1 Trustwave | 1 Modsecurity | 2025-01-30 | 7.5 High |
| Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | ||||
| CVE-2022-40302 | 3 Debian, Frrouting, Redhat | 3 Debian Linux, Frrouting, Enterprise Linux | 2025-01-30 | 6.5 Medium |
| An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. | ||||
| CVE-2024-43575 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-29 | 7.5 High |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2024-43545 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-01-29 | 7.5 High |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | ||||
| CVE-2024-43544 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-01-29 | 7.5 High |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | ||||
| CVE-2024-38149 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-29 | 7.5 High |
| BranchCache Denial of Service Vulnerability | ||||
| CVE-2024-43541 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-01-29 | 7.5 High |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | ||||
| CVE-2024-43515 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-29 | 7.5 High |
| Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | ||||
| CVE-2024-43506 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-29 | 7.5 High |
| BranchCache Denial of Service Vulnerability | ||||
| CVE-2023-24594 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2025-01-29 | 5.3 Medium |
| When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-10314 | 1 Perforce | 1 Helix Core | 2025-01-29 | N/A |
| In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek. | ||||