Total
540 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3439 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-14 | N/A | 9.8 CRITICAL |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | |||||
| CVE-2022-3456 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-14 | N/A | 9.8 CRITICAL |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | |||||
| CVE-2022-34308 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2022-10-08 | N/A | 5.5 MEDIUM |
| IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. | |||||
| CVE-2019-16770 | 2 Debian, Puma | 2 Debian Linux, Puma | 2022-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2. | |||||
| CVE-2019-17359 | 4 Apache, Bouncycastle, Netapp and 1 more | 21 Tomee, Legion-of-the-bouncy-castle-java-crytography-api, Active Iq Unified Manager and 18 more | 2022-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. | |||||
| CVE-2020-10717 | 1 Qemu | 1 Qemu | 2022-10-07 | 2.1 LOW | 6.5 MEDIUM |
| A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. | |||||
| CVE-2022-22970 | 3 Netapp, Oracle, Vmware | 6 Active Iq Unified Manager, Brocade San Navigator, Cloud Secure Agent and 3 more | 2022-10-07 | 3.5 LOW | 5.3 MEDIUM |
| In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. | |||||
| CVE-2021-32675 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Management Services For Element Software and 3 more | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates. | |||||
| CVE-2022-39226 | 1 Discourse | 1 Discourse | 2022-10-05 | N/A | 4.3 MEDIUM |
| Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | |||||
| CVE-2022-22971 | 3 Netapp, Oracle, Vmware | 4 Cloud Secure Agent, Oncommand Insight, Financial Services Crime And Compliance Management Studio and 1 more | 2022-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. | |||||
| CVE-2022-3371 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-04 | N/A | 7.5 HIGH |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | |||||
| CVE-2022-3364 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-04 | N/A | 7.5 HIGH |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | |||||
| CVE-2022-41845 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 5.5 MEDIUM |
| An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h. | |||||
| CVE-2022-41846 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 5.5 MEDIUM |
| An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | |||||
| CVE-2020-8659 | 3 Cncf, Debian, Redhat | 3 Envoy, Debian Linux, Openshift Service Mesh | 2022-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. | |||||
| CVE-2021-3527 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2022-09-30 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. | |||||
| CVE-2022-3295 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-28 | N/A | 7.5 HIGH |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | |||||
| CVE-2022-3298 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-28 | N/A | 7.5 HIGH |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | |||||
| CVE-2022-34917 | 1 Apache | 1 Kafka | 2022-09-22 | N/A | 7.5 HIGH |
| A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions. | |||||
| CVE-2022-35089 | 1 Swftools | 1 Swftools | 2022-09-22 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf. | |||||