Page 27 of 38443 results (0.105 seconds)

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0

An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet. • https://community.infineon.com/t5/PSoC-4/BLE-SDK-Integer-Overflow/m-p/888037#M49108 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12. • https://discuss.hashicorp.com/t/hcsec-2024-26-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-processing-raft-cluster-join-requests/71047 • CWE-636: Not Failing Securely ('Failing Open') •

CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. • https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s https://access.redhat.com/security/cve/CVE-2024-38286 https://bugzilla.redhat.com/show_bug.cgi?id=2314686 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1998 • CWE-20: Improper Input Validation •

CVSS: 3.7EPSS: 0%CPEs: -EXPL: 0

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •