| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2. |
| ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch. |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19. |
| In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246541702 |
| A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature. |
| Out-of-bounds read vulnerability in the M3U8 module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| Out-of-bounds read vulnerability in the DASH module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Out-of-bounds access vulnerability in playback in the DASH module
Impact: Successful exploitation of this vulnerability will affect availability. |
| VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. |
| A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs when the affected software processes specific EVPN routing information. An attacker could exploit this vulnerability by injecting malicious traffic patterns into the targeted EVPN network. A successful exploit could result in a crash of the l2vpn_mgr process on Provider Edge (PE) device members of the same EVPN instance (EVI). On each of the affected devices, a crash could lead to system instability and the inability to process or forward traffic through the device, resulting in a DoS condition that would require manual intervention to restore normal operating conditions. |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a
Denial-of-Service (DoS).
If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage.
This issue affects Junos OS:
* 21.4 versions from 21.4R3 before 21.4R3-S5,
* 22.1 versions from 22.1R3 before 22.1R3-S4,
* 22.2 versions from 22.2R2 before 22.2R3,
* 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3,
* 22.4 versions from 22.4R1 before 22.4R2.
This issue does not affect Junos OS versions earlier than 21.4. |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a
Denial-of-Service (DoS).
On all ACX 7000 Series platforms running
Junos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.
This issue affects Junos OS Evolved:
All versions from 22.2R1-EVO and later versions before 22.4R2-EVO,
This issue does not affect Junos OS Evolved versions before 22.1R1-EVO. |
| irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. |
| BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
|
| ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. |
| AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Vulnerability of improper checking for unusual or exceptional conditions
in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,
the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.
|
| Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number |
| Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin
|