| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. |
| Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. |
| Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. |
| Windows Remote Desktop Services Denial of Service Vulnerability |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Windows Remote Desktop Services Denial of Service Vulnerability |
| Windows Hyper-V Denial of Service Vulnerability |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| BranchCache Denial of Service Vulnerability |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability |
| Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability |
| BranchCache Denial of Service Vulnerability |
| Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion.
The version parser converts numeric version components (major, minor, patch and numeric pre-release/build identifiers) to integers without bounding their length. A single large all-digit component therefore forces a super-linear, non-yielding base-10 to arbitrary-precision integer conversion (String.to_integer/1, i.e. :erlang.binary_to_integer/1) that pins a BEAM scheduler, and a larger component raises an uncaught SystemLimitError that crashes the calling process. A single moderately sized string (around one megabyte) is enough; no authentication is required.
This is reachable from the public entry points Version.parse/1, Version.parse!/1, Version.match?/3, Version.compare/2, and Version.parse_requirement/1, which applications routinely call on untrusted input such as HTTP parameters, dependency-manifest fields, and package metadata.
This vulnerability is associated with program files lib/version.ex and program routines 'Elixir.Version.Parser':parse_digits/2.
This issue affects Elixir: from 1.5.0 before 1.20.1. |
| Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion. |
| In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition.
Affected versions:
Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11. |
