Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-404
Total 219 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0908 1 Xoslab 1 Easy File Locker 2023-03-01 N/A 7.8 HIGH
A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability.
CVE-2023-0907 1 Filseclab 1 Twister Antivirus 2023-03-01 N/A 5.5 MEDIUM
A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is some unknown functionality in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456.
CVE-2023-0909 1 Notepad-- Project 1 Notepad-- 2023-03-01 N/A 5.5 MEDIUM
A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475.
CVE-2019-5603 1 Freebsd 1 Freebsd 2023-03-01 7.2 HIGH 7.8 HIGH
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.
CVE-2022-25762 2 Apache, Oracle 2 Tomcat, Agile Plm 2023-02-23 7.5 HIGH 8.6 HIGH
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.
CVE-2023-0412 2 Debian, Wireshark 2 Debian Linux, Wireshark 2023-02-14 N/A 7.1 HIGH
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2022-1473 2 Netapp, Openssl 43 A250, A250 Firmware, A700s and 40 more 2023-02-14 5.0 MEDIUM 7.5 HIGH
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
CVE-2020-14307 1 Redhat 5 Amq, Jboss Enterprise Application Platform Continuous Delivery, Jboss Fuse and 2 more 2023-02-12 4.0 MEDIUM 6.5 MEDIUM
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
CVE-2017-7472 1 Linux 1 Linux Kernel 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
CVE-2022-3551 3 Debian, Fedoraproject, X.org 3 Debian Linux, Fedora, X Server 2023-02-09 N/A 6.5 MEDIUM
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
CVE-2023-0415 1 Wireshark 1 Wireshark 2023-02-08 N/A 6.5 MEDIUM
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2023-0413 1 Wireshark 1 Wireshark 2023-02-08 N/A 6.5 MEDIUM
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2023-0417 1 Wireshark 1 Wireshark 2023-02-08 N/A 6.5 MEDIUM
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2023-24444 1 Jenkins 1 Openid 2023-02-02 N/A 9.8 CRITICAL
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2022-3646 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-01 N/A 4.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
CVE-2022-3621 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-01 N/A 6.5 MEDIUM
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
CVE-2019-19886 2 Fedoraproject, Trustwave 2 Fedora, Modsecurity 2023-02-01 5.0 MEDIUM 7.5 HIGH
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.
CVE-2023-0414 1 Wireshark 1 Wireshark 2023-02-01 N/A 6.5 MEDIUM
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
CVE-2023-0416 1 Wireshark 1 Wireshark 2023-02-01 N/A 6.5 MEDIUM
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2019-5607 1 Freebsd 1 Freebsd 2023-01-31 7.2 HIGH 7.8 HIGH
In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail.