Export limit exceeded: 357318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6765 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11993 | 8 Apache, Canonical, Debian and 5 more | 16 Http Server, Ubuntu Linux, Debian Linux and 13 more | 2025-05-01 | 7.5 High |
| Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. | ||||
| CVE-2021-44790 | 8 Apache, Apple, Debian and 5 more | 20 Http Server, Mac Os X, Macos and 17 more | 2025-05-01 | 9.8 Critical |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | ||||
| CVE-2022-44552 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | 7.5 High |
| The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. | ||||
| CVE-2021-22883 | 6 Fedoraproject, Netapp, Nodejs and 3 more | 12 Fedora, E-series Performance Analyzer, Node.js and 9 more | 2025-04-30 | 7.5 High |
| Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. | ||||
| CVE-2020-8277 | 5 C-ares Project, Fedoraproject, Nodejs and 2 more | 10 C-ares, Fedora, Node.js and 7 more | 2025-04-30 | 7.5 High |
| A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. | ||||
| CVE-2020-8251 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2025-04-30 | 7.5 High |
| Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. | ||||
| CVE-2024-57519 | 1 Open5gs | 1 Open5gs | 2025-04-30 | 7.5 High |
| An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. | ||||
| CVE-2022-43780 | 1 Hp | 82 M2u75a, M2u75a Firmware, M2u76a and 79 more | 2025-04-30 | 7.5 High |
| Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack. | ||||
| CVE-2025-29910 | 1 Nasa | 1 Cryptolib | 2025-04-30 | 7.5 High |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A memory leak vulnerability was identified in the `crypto_handle_incrementing_nontransmitted_counter` function of CryptoLib versions 1.3.3 and prior. This vulnerability can lead to resource exhaustion and degraded system performance over time, particularly in long-running processes or systems processing large volumes of data. The vulnerability is present in the `crypto_handle_incrementing_nontransmitted_counter` function within `crypto_tc.c`. The function allocates memory using `malloc` without ensuring the allocated memory is always freed. This issue can lead to resource exhaustion, reduced system performance, and potentially a Denial of Service (DoS) in environments where CryptoLib is used in long-running processes or with large volumes of data. Any system using CryptoLib, especially those handling high-throughput or continuous data streams, could be impacted. As of time of publication, no known patched versions are available. | ||||
| CVE-2025-29925 | 1 Xwiki | 1 Xwiki | 2025-04-30 | 5.3 Medium |
| XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the wiki, though only for the main wiki. The problem has been patched in XWiki 15.10.14, 16.4.6, 16.10.0RC1. In those versions the endpoint can still be requested but the result is filtered out based on pages rights. | ||||
| CVE-2022-38871 | 1 Free5gc | 1 Free5gc | 2025-04-30 | 7.5 High |
| In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. | ||||
| CVE-2025-30730 | 1 Oracle | 1 Application Object Library | 2025-04-29 | 7.5 High |
| Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2022-2794 | 1 Hp | 26 Pagewide 352dw J6u57a, Pagewide 352dw J6u57a Firmware, Pagewide 377dw J9v80a and 23 more | 2025-04-29 | 7.5 High |
| Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. | ||||
| CVE-2021-3821 | 1 Hp | 1 Futuresmart 5 | 2025-04-29 | 9.8 Critical |
| A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. | ||||
| CVE-2021-46854 | 1 Proftpd | 1 Proftpd | 2025-04-28 | 7.5 High |
| mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | ||||
| CVE-2022-45887 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, H300s, H300s Firmware and 11 more | 2025-04-25 | 4.7 Medium |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | ||||
| CVE-2022-45873 | 3 Fedoraproject, Redhat, Systemd Project | 3 Fedora, Enterprise Linux, Systemd | 2025-04-25 | 5.5 Medium |
| systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. | ||||
| CVE-2022-41568 | 1 Linecorp | 1 Line | 2025-04-25 | 7.5 High |
| LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. | ||||
| CVE-2022-45204 | 1 Gpac | 1 Gpac | 2025-04-25 | 5.5 Medium |
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. | ||||
| CVE-2024-25718 | 2 Dropbox, Samly | 2 Samly, Elixr | 2025-04-24 | 9.1 Critical |
| In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry. | ||||