Total
3391 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20500 | 1 Cisco | 52 Meraki Mx, Meraki Mx100, Meraki Mx100 Firmware and 49 more | 2025-06-04 | 5.8 Medium |
| A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | ||||
| CVE-2024-23744 | 1 Arm | 1 Mbed Tls | 2025-06-04 | 7.5 High |
| An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | ||||
| CVE-2022-34701 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-04 | 7.5 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | ||||
| CVE-2014-1745 | 2 Google, Redhat | 3 Chrome, Enterprise Linux, Rhel Els | 2025-06-04 | 7.1 High |
| Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp. | ||||
| CVE-2021-47037 | 1 Linux | 1 Linux Kernel | 2025-06-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver Q6afe-clocks driver can get reprobed. For example if the APR services are restarted after the firmware crash. However currently Q6afe-clocks driver will oops because hw.init will get cleared during first _probe call. Rewrite the driver to fill the clock data at runtime rather than using big static array of clocks. | ||||
| CVE-2024-31309 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2025-06-03 | 7.5 High |
| HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue. | ||||
| CVE-2024-20971 | 3 Netapp, Oracle, Redhat | 4 Oncommand Insight, Mysql, Enterprise Linux and 1 more | 2025-06-03 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-20959 | 1 Oracle | 1 Zfs Storage Appliance Kit | 2025-06-03 | 4.4 Medium |
| Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-53423 | 1 Opennetworking | 1 Onos | 2025-06-03 | 5.6 Medium |
| An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. | ||||
| CVE-2024-22164 | 1 Splunk | 1 Enterprise Security | 2025-06-03 | 4.3 Medium |
| In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | ||||
| CVE-2023-49558 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | ||||
| CVE-2023-49556 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | ||||
| CVE-2024-21651 | 1 Xwiki | 1 Xwiki | 2025-06-03 | 7.5 High |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1. | ||||
| CVE-2024-20672 | 1 Microsoft | 1 .net | 2025-06-03 | 7.5 High |
| .NET Denial of Service Vulnerability | ||||
| CVE-2024-20661 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-06-03 | 7.5 High |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2024-21319 | 2 Microsoft, Redhat | 5 .net, Identity Model, Visual Studio 2022 and 2 more | 2025-06-03 | 6.8 Medium |
| Microsoft Identity Denial of service vulnerability | ||||
| CVE-2023-34061 | 1 Pivotal | 2 Cloud Foundry Deployment, Cloud Foundry Routing Release | 2025-06-03 | 7.5 High |
| Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment. | ||||
| CVE-2024-21655 | 1 Discourse | 1 Discourse | 2025-06-03 | 4.3 Medium |
| Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4. | ||||
| CVE-2023-40703 | 1 Mattermost | 1 Mattermost | 2025-06-03 | 4.3 Medium |
| Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string. | ||||
| CVE-2024-0581 | 1 Sandsprite | 1 Scdbg | 2025-06-02 | 4 Medium |
| An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan. | ||||