Total: 540 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22278 | 1 Sonicwall | 98 Nsa 2650, Nsa 2650 Firmware, Nsa 2700 and 95 more | 2022-05-06 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access a prohibited resource. This allows an attacker to cause an HTTP Denial of Service (DoS) attack. | |||||
CVE-2022-29701 | 1 Zammad | 1 Zammad | 2022-05-05 | 5.0 MEDIUM | 7.5 HIGH |
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||
CVE-2021-29329 | 1 Moddable | 1 Moddable | 2022-05-03 | 6.8 MEDIUM | 7.8 HIGH |
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c. | |||||
CVE-2020-28200 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | |||||
CVE-2021-29324 | 1 Moddable | 1 Moddable | 2022-05-03 | 6.8 MEDIUM | 7.8 HIGH |
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c. | |||||
CVE-2020-13114 | 3 Canonical, Libexif Project, Opensuse | 3 Ubuntu Linux, Libexif, Leap | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | |||||
CVE-2020-11612 | 5 Debian, Fedoraproject, Netapp and 2 more | 13 Debian Linux, Fedora, Oncommand Api Services and 10 more | 2022-04-26 | 5.0 MEDIUM | 7.5 HIGH |
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. | |||||
CVE-2020-29568 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-04-26 | 4.9 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. | |||||
CVE-2021-36155 | 1 Linuxfoundation | 1 Grpc Swift | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. | |||||
CVE-2022-20622 | 1 Cisco | 1 Aironet Access Point Software | 2022-04-25 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload. | |||||
CVE-2021-28302 | 1 Pupnp Project | 1 Pupnp | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. | |||||
CVE-2021-44502 | 1 Fisglobal | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c. | |||||
CVE-2022-1333 | 1 Mattermost | 1 Playbooks | 2022-04-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service. | |||||
CVE-2018-16846 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2022-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. | |||||
CVE-2018-20033 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated. | |||||
CVE-2020-28400 | 1 Siemens | 157 Dk Standard Ethernet Controller Evaluation Kit, Dk Standard Ethernet Controller Evaluation Kit Firmware, Ek-ertec 200 Evaulation Kit and 154 more | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. | |||||
CVE-2022-1121 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. | |||||
CVE-2022-22404 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2022-04-08 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. | |||||
CVE-2019-15165 | 7 Apple, Canonical, Debian and 4 more | 11 Ipados, Iphone Os, Mac Os X and 8 more | 2022-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | |||||
CVE-2021-25173 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Comos, Jt2go and 1 more | 2022-04-08 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart). |