| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. |
| .NET Framework Denial of Service Vulnerability |
| A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-252681 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| .NET Core and Visual Studio Denial of Service Vulnerability |
| HTTP.sys Denial of Service Vulnerability |
| Windows CryptoAPI Denial of Service Vulnerability |
| Windows Authentication Denial of Service Vulnerability |
| Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability |
| Windows Hyper-V Denial of Service Vulnerability |
| Windows Secure Channel Denial of Service Vulnerability |
| Windows Hyper-V Denial of Service Vulnerability |
| Windows Netlogon Denial of Service Vulnerability |
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
| Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability |
| DHCP Server Service Denial of Service Vulnerability |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. |
| NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss. |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. |
