| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versions 1.49.1 and below are affected. Users are advised to upgrade. Users unable to upgrade should either set the environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true` or configure the `disable_pre_signed_multipart` key to true in their config yaml. |
| Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. |
| Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A |
| A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019. |
| A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability. |
| Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. |
| LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior." |
| A vulnerability exists in a SDM600 endpoint.
An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.
This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291)
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*
|
| A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047` |
| A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes. |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout). |
| An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. |
| An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp. |
| Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. |
| Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1. |
| A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability. |
| This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. |
| Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6. |
