Total
1255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15961 | 4 Canonical, Cisco, Clamav and 1 more | 4 Ubuntu Linux, Email Security Appliance Firmware, Clamav and 1 more | 2022-10-19 | 7.1 HIGH | 6.5 MEDIUM |
| A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. | |||||
| CVE-2022-2455 | 1 Gitlab | 1 Gitlab | 2022-10-19 | N/A | 6.5 MEDIUM |
| A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project. | |||||
| CVE-2022-2931 | 1 Gitlab | 1 Gitlab | 2022-10-19 | N/A | 7.5 HIGH |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. | |||||
| CVE-2022-2908 | 1 Gitlab | 1 Gitlab | 2022-10-19 | N/A | 4.3 MEDIUM |
| A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. | |||||
| CVE-2022-39278 | 1 Istio | 1 Istio | 2022-10-19 | N/A | 7.5 HIGH |
| Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go. | |||||
| CVE-2022-24373 | 1 Swmansion | 1 React Native Reanimated | 2022-10-18 | N/A | 7.5 HIGH |
| The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. | |||||
| CVE-2022-23267 | 2 Fedoraproject, Microsoft | 6 Fedora, .net, .net Core and 3 more | 2022-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. | |||||
| CVE-2021-43933 | 1 Fanuc | 1 Roboguide | 2022-10-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources. | |||||
| CVE-2022-33749 | 1 Xen | 1 Xapi | 2022-10-14 | N/A | 5.3 MEDIUM |
| XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors. | |||||
| CVE-2022-39271 | 1 Traefik | 1 Traefik | 2022-10-13 | N/A | 7.5 HIGH |
| Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds. | |||||
| CVE-2022-37981 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 4.3 MEDIUM |
| Windows Event Logging Service Denial of Service Vulnerability. | |||||
| CVE-2022-20425 | 1 Google | 1 Android | 2022-10-12 | N/A | 5.5 MEDIUM |
| In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235823407 | |||||
| CVE-2022-33645 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.5 HIGH |
| Windows TCP/IP Driver Denial of Service Vulnerability. | |||||
| CVE-2020-26257 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2022-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack. Issue is fixed in version 1.23.1. As a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`). | |||||
| CVE-2022-3433 | 1 Haskell | 1 Aeson | 2022-10-11 | N/A | 6.5 MEDIUM |
| The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. | |||||
| CVE-2022-21680 | 1 Marked Project | 1 Marked | 2022-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. | |||||
| CVE-2022-40188 | 2 Fedoraproject, Nic | 2 Fedora, Knot Resolver | 2022-10-07 | N/A | 7.5 HIGH |
| Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | |||||
| CVE-2022-3423 | 1 Xgenecloud | 1 Nocodb | 2022-10-07 | N/A | 6.5 MEDIUM |
| Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0. | |||||
| CVE-2020-7733 | 2 Oracle, Ua-parser-js Project | 2 Communications Cloud Native Core Network Function Cloud Native Environment, Ua-parser-js | 2022-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | |||||
| CVE-2022-25313 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2022-10-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | |||||