Weaknesses of type CWE-400

2,373 results
CVE-2018-16845 (HIGH, EPSS 9.8%): nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in
CVE-2015-5600 (HIGH, EPSS 9.3%): The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-intera
CVE-2017-16086 (EPSS 9.2%): ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack wh
CVE-2020-8251 (EPSS 8.8%): Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unabl
CVE-2019-5419 (EPSS 8.7%): There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted a
CVE-2022-21293 (MEDIUM, EPSS 8.3%): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions
CVE-2021-43859 (HIGH, EPSS 8.2%): Denial of Service by injecting highly recursive collections or maps in XStream
CVE-2020-35498 (HIGH, EPSS 8.0%): A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send
CVE-2022-40946 (HIGH, EPSS 8.0%): On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token paramet
CVE-2024-44176 (MEDIUM, EPSS 7.9%): An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadO
CVE-2018-10608 (EPSS 7.8%): SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP
CVE-2022-21340 (MEDIUM, EPSS 7.7%): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions
CVE-2016-10542 (EPSS 7.5%): ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". B
CVE-2022-41333 (MEDIUM, EPSS 7.2%): An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication
CVE-2021-30468 (EPSS 7.0%): Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter
CVE-2021-22119 (EPSS 6.7%): Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a De
CVE-2021-22696 (EPSS 6.6%): OAuth 2 authorization service vulnerable to DDos attacks
CVE-2019-14867 (HIGH, EPSS 6.3%): A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way th
CVE-2021-37137 (EPSS 6.3%): The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer
CVE-2019-11048 (MEDIUM, EPSS 6.3%): Temporary files are not cleaned after OOM when parsing HTTP request data