Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905.
Windows TCP/IP Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
DHCP Server Service Denial of Service Vulnerability
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
ASP.NET Core Denial of Service Vulnerability
DHCP Server Service Denial of Service Vulnerability
Microsoft QUIC Denial of Service Vulnerability
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Windows CryptoAPI Denial of Service Vulnerability
HTTP.sys Denial of Service Vulnerability
Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
BranchCache Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Windows Network Address Translation (NAT) Denial of Service Vulnerability
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
Windows Netlogon Denial of Service Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
DHCP Server Service Denial of Service Vulnerability
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
DHCP Server Service Denial of Service Vulnerability
Microsoft QUIC Denial of Service Vulnerability
DHCP Server Service Denial of Service Vulnerability
.NET Denial of Service Vulnerability
Windows DNS Client Denial of Service Vulnerability
A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit.
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
Windows Secure Channel Denial of Service Vulnerability
HTTP.sys Denial of Service Vulnerability
Windows DNS Server Denial of Service Vulnerability
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
Windows TCP/IP Driver Denial of Service Vulnerability
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.