Total
1255 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0879 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context. | |||||
CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2023-02-12 | N/A | 5.5 MEDIUM |
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | |||||
CVE-2020-1722 | 2 Freeipa, Redhat | 2 Freeipa, Enterprise Linux | 2023-02-12 | 5.4 MEDIUM | 5.3 MEDIUM |
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. | |||||
CVE-2020-25673 | 3 Fedoraproject, Linux, Netapp | 22 Fedora, Linux Kernel, Active Iq Unified Manager and 19 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. | |||||
CVE-2020-14297 | 1 Redhat | 5 Amq, Jboss Enterprise Application Platform Continuous Delivery, Jboss Fuse and 2 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable. | |||||
CVE-2019-3874 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-02-12 | 3.3 LOW | 6.5 MEDIUM |
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | |||||
CVE-2019-14901 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-02-12 | 10.0 HIGH | 9.8 CRITICAL |
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. | |||||
CVE-2017-12190 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 6.5 MEDIUM |
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. | |||||
CVE-2016-9596 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. | |||||
CVE-2017-12174 | 2 Apache, Redhat | 4 Activemq Artemis, Enterprise Linux, Hornetq and 1 more | 2023-02-12 | 7.8 HIGH | 7.5 HIGH |
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. | |||||
CVE-2016-8610 | 4 Debian, Netapp, Openssl and 1 more | 28 Debian Linux, Clustered Data Ontap, Clustered Data Ontap Antivirus Connector and 25 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. | |||||
CVE-2016-8611 | 1 Openstack | 1 Glance | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. | |||||
CVE-2016-4037 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-02-12 | 4.9 MEDIUM | 6.0 MEDIUM |
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. | |||||
CVE-2015-3248 | 1 Openhpi | 1 Openhpi | 2023-02-12 | 4.7 MEDIUM | 4.7 MEDIUM |
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). | |||||
CVE-2022-1677 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | N/A | 6.3 MEDIUM |
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. | |||||
CVE-2022-2238 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2023-02-12 | N/A | 6.5 MEDIUM |
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. | |||||
CVE-2011-2906 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.7 MEDIUM | 5.5 MEDIUM |
** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor. | |||||
CVE-2022-4344 | 1 Wireshark | 1 Wireshark | 2023-02-10 | N/A | 4.3 MEDIUM |
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file | |||||
CVE-2018-10868 | 1 Redhat | 1 Certification | 2023-02-10 | 5.0 MEDIUM | 7.5 HIGH |
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host. | |||||
CVE-2023-24574 | 1 Dell | 1 Enterprise Sonic Distribution | 2023-02-10 | N/A | 7.5 HIGH |
Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users. |