Security Vulnerabilities, CVEs, Published In November 2022 (Denial of service)
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
Max CVSS
5.5
EPSS Score
0.04%
Published
2022-11-30
Updated
2023-06-06
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Max CVSS
7.5
EPSS Score
0.14%
Published
2022-11-14
Updated
2023-01-10
Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.
Max CVSS
7.5
EPSS Score
0.08%
Published
2022-11-12
Updated
2022-11-17
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
Max CVSS
7.5
EPSS Score
0.47%
Published
2022-11-09
Updated
2023-09-15
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.40%
Published
2022-11-07
Updated
2023-03-28
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Max CVSS
6.5
EPSS Score
0.40%
Published
2022-11-07
Updated
2023-03-28
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
Max CVSS
6.5
EPSS Score
0.05%
Published
2022-11-18
Updated
2023-02-01
html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file.
Max CVSS
8.1
EPSS Score
0.17%
Published
2022-11-08
Updated
2022-11-09
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).
Max CVSS
6.5
EPSS Score
0.11%
Published
2022-11-14
Updated
2022-11-17
A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.
Max CVSS
6.2
EPSS Score
0.04%
Published
2022-11-28
Updated
2023-02-07
A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.
Max CVSS
6.2
EPSS Score
0.04%
Published
2022-11-28
Updated
2023-02-07
A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.
Max CVSS
6.2
EPSS Score
0.04%
Published
2022-11-28
Updated
2023-02-07
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.
Max CVSS
7.5
EPSS Score
0.06%
Published
2022-11-04
Updated
2022-11-08
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
Max CVSS
6.5
EPSS Score
0.12%
Published
2022-11-04
Updated
2022-11-08
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot.
Max CVSS
7.5
EPSS Score
0.09%
Published
2022-11-03
Updated
2022-11-07
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2022-11-02
Updated
2023-02-27