Total
1255 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31129 | 3 Debian, Fedoraproject, Momentjs | 3 Debian Linux, Fedora, Moment | 2023-02-23 | 5.0 MEDIUM | 7.5 HIGH |
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. | |||||
CVE-2019-4183 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-02-22 | 7.8 HIGH | 7.5 HIGH |
IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. | |||||
CVE-2023-23631 | 1 Protocol | 1 Go-unixfsnode | 2023-02-17 | N/A | 7.5 HIGH |
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-23625 | 1 Protocol | 1 Go-unixfs | 2023-02-17 | N/A | 7.5 HIGH |
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions. | |||||
CVE-2022-44570 | 1 Rack Project | 1 Rack | 2023-02-17 | N/A | 7.5 HIGH |
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. | |||||
CVE-2022-44566 | 1 Activerecord Project | 1 Activerecord | 2023-02-16 | N/A | 7.5 HIGH |
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. | |||||
CVE-2022-40480 | 2 Microchip, Nordicsemi | 4 Dt100112, Dt100112 Firmware, Nrf5340-dk and 1 more | 2023-02-16 | N/A | 6.5 MEDIUM |
Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. | |||||
CVE-2022-24836 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2023-02-15 | 5.0 MEDIUM | 7.5 HIGH |
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. | |||||
CVE-2012-6638 | 1 Linux | 1 Linux Kernel | 2023-02-14 | 7.8 HIGH | N/A |
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663. | |||||
CVE-2022-24921 | 3 Debian, Golang, Netapp | 3 Debian Linux, Go, Astra Trident | 2023-02-14 | 5.0 MEDIUM | 7.5 HIGH |
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | |||||
CVE-2021-44716 | 3 Debian, Golang, Netapp | 3 Debian Linux, Go, Cloud Insights Telegraf | 2023-02-14 | 5.0 MEDIUM | 7.5 HIGH |
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | |||||
CVE-2019-19300 | 1 Siemens | 65 Ktk Ate530s, Ktk Ate530s Firmware, Sidoor Atd430w and 62 more | 2023-02-14 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions), SIMATIC S7-300 CPU 315-2 PN/DP (All versions), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions), SIMATIC S7-300 CPU 317-2 PN/DP (All versions), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions), SIMATIC S7-300 CPU 319-3 PN/DP (All versions), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions), SIPLUS NET PN/PN Coupler (All versions >= V4.2), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions), SIPLUS S7-300 CPU 315-2 PN/DP (All versions), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions), SIPLUS S7-300 CPU 317-2 PN/DP (All versions), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. | |||||
CVE-2022-38371 | 1 Siemens | 39 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 36 more | 2023-02-14 | N/A | 7.5 HIGH |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (Versions including affected FTP server), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server. | |||||
CVE-2022-25622 | 1 Siemens | 23 Simatic Cfu Diq, Simatic Cfu Diq Firmware, Simatic Cfu Pa and 20 more | 2023-02-14 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L, SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, DI 16x24VDC, M12-L, SIMATIC ET200ecoPN, DI 8x24VDC, M12-L, SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L, SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler, SIMATIC PN/PN Coupler, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210, SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS HCS4200 CIM4210, SIPLUS HCS4200 CIM4210C, SIPLUS HCS4300 CIM4310, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. | |||||
CVE-2018-10864 | 1 Redhat | 2 Certification, Linux | 2023-02-12 | 5.0 MEDIUM | 6.2 MEDIUM |
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. | |||||
CVE-2018-14660 | 3 Debian, Gluster, Redhat | 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. | |||||
CVE-2018-14659 | 2 Debian, Redhat | 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. | |||||
CVE-2016-6312 | 1 Redhat | 1 Enterprise Linux | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955. | |||||
CVE-2013-2128 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. | |||||
CVE-2011-2918 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. |