Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-8551

Summary
Assigner-kubernetes
Assigner Org ID-a6081bf6-c852-4425-ad4f-a67919267565
Published At-27 Mar, 2020 | 14:25
Updated At-04 Aug, 2024 | 10:03
Rejected At-
Credits

Kubernetes kubelet denial of service

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:kubernetes
Assigner Org ID:a6081bf6-c852-4425-ad4f-a67919267565
Published At:27 Mar, 2020 | 14:25
Updated At:04 Aug, 2024 | 10:03
Rejected At:
▼CVE Numbering Authority (CNA)
Kubernetes kubelet denial of service

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

Affected Products
Vendor
KubernetesKubernetes
Product
Kubernetes
Versions
Affected
  • From unspecified before v1.17.3 (custom)
  • From unspecified before v1.16.7 (custom)
  • From unspecified before v1.15.10 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-789CWE-789 Uncontrolled Memory Allocation
Type: CWE
CWE ID: CWE-789
Description: CWE-789 Uncontrolled Memory Allocation
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Henrik Schmidt
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kubernetes/kubernetes/issues/89377
x_refsource_MISC
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200413-0003/
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://github.com/kubernetes/kubernetes/issues/89377
Resource:
x_refsource_MISC
Hyperlink: https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20200413-0003/
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kubernetes/kubernetes/issues/89377
x_refsource_MISC
x_transferred
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20200413-0003/
x_refsource_CONFIRM
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://github.com/kubernetes/kubernetes/issues/89377
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20200413-0003/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jordan@liggitt.net
Published At:27 Mar, 2020 | 15:15
Updated At:07 Nov, 2023 | 03:26

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.14.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.15.0(inclusive) to 1.15.9(inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.16.0(inclusive) to 1.16.6(inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.17.0(inclusive) to 1.17.2(inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Primarynvd@nist.gov
CWE-789Secondaryjordan@liggitt.net
CWE ID: CWE-770
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-789
Type: Secondary
Source: jordan@liggitt.net
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/kubernetes/kubernetes/issues/89377jordan@liggitt.net
Issue Tracking
Patch
Third Party Advisory
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0sjordan@liggitt.net
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/jordan@liggitt.net
N/A
https://security.netapp.com/advisory/ntap-20200413-0003/jordan@liggitt.net
Third Party Advisory
Hyperlink: https://github.com/kubernetes/kubernetes/issues/89377
Source: jordan@liggitt.net
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s
Source: jordan@liggitt.net
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
Source: jordan@liggitt.net
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20200413-0003/
Source: jordan@liggitt.net
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

119Records found
CVE-2023-20047
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.36%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:36
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient resource allocation. An attacker could exploit this vulnerability by sending crafted LLDP traffic to an affected device. A successful exploit could allow the attacker to exhaust the memory resources of the affected device, resulting in a crash of the LLDP process. If the affected device is configured to support LLDP only, this could cause an interruption to inbound and outbound calling. By default, these devices are configured to support both Cisco Discovery Protocol and LLDP. To recover operational state, the affected device needs a manual restart.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_room_phonesip_ip_phone_softwarewebex_room_phone_firmwarewebex_share_firmwarewebex_shareCisco Webex Room Phone
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20202
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 24.39%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 17:24
Updated-21 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9800-lcatalyst_iw6300iw9167eh-x-apcatalyst_9162catalyst_9800-40iw9167eh-x-wgbcatalyst_9166d1catalyst_9120catalyst_9164esw6300catalyst_9105icatalyst_9105wiw9167eh-x-urwbcatalyst_9166ios_xecatalyst_9136catalyst_9124ecatalyst_9124dcatalyst_9800-clcatalyst_9800-80catalyst_9115catalyst_9124iiw9167ih-x-apcatalyst_9130Cisco IOS XE Software
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2021-33011
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.62%
||
7 Day CHG~0.00%
Published-10 Sep, 2021 | 11:28
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices.

Action-Not Available
Vendor-jtektn/a
Product-2port-efr_thu-6404_firmwareplus_cpu_tcc-6740pc10pe-1616p_tcc-1102_firmwarepc10p_tcc-6372_firmwarepc10b_tcc-1021plus_efr_tcu-6743_firmwareplus_bus-ex_tcu-6900pc10e_tcc-4637_firmwarefl\/et-t-v2h_thu-6289_firmwarepc10ge_tcc-6464_firmwarenano_safety_rs01ip_tuu-1087plus_ex2_tcu-6858pc10p_tcc-6372nano_2et_tuu-6949plus_efr2_tcu-6859_firmwarepc10b-p_tcc-6373plus_efr_tcu-6743plus_bus-ex_tcu-6900_firmwarepc10b_tcc-1021_firmwareplus_ex_tcu-6741_firmwarepc10p-dp_tcc-6726_firmwarepc10g-cpu_tcc-6353plus_cpu_tcc-6740_firmwarenano_safety_rs00ip_tuu-1086_firmwarepc10p-dp_tcc-6726plus_efr2_tcu-6859pc10p-dp-io_tcc-6752_firmwarepc10e_tcc-4637pc10b-e\/c_tcu-6521_firmwarepc10pe_tcc-1101_firmwarepc10pe_tcc-1101plus_2p-efr_tcu-6929_firmwareplus_ex_tcu-6741plus_ex2_tcu-6858_firmwarenano_2et_tuu-6949_firmwarenano_10gx_tuc-1157nano_cpu_tuc-6941_firmwarepc10b-e\/c_tcu-6521pc10p-dp-io_tcc-6752pc10g-cpu_tcc-6353_firmwareplus_2p-efr_tcu-6929nano_safety_rs01ip_tuu-1087_firmwareef10_tcu-6982_firmwarepc10ge_tcc-6464ef10_tcu-6982pc10pe-1616p_tcc-1102pc10b-p_tcc-6373_firmwarenano_safety_tuc-1085_firmwarenano_10gx_tuc-1157_firmwarefl\/et-t-v2h_thu-6289nano_cpu_tuc-6941nano_safety_tuc-1085nano_safety_rs00ip_tuu-10862port-efr_thu-6404JTEKT Corporation TOYOPUC products
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-21875
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.94%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 08:37
Updated-11 Mar, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS attack when broadcasting billboard messages

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.

Action-Not Available
Vendor-Badge.Team
Product-hacker_hotel_badge_2024Hacker Hotel Badge 2024
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-25671
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). Sending specially crafted ARP packets to an affected device could cause a partial denial-of-service, preventing the device to operate normally. A restart is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-rwg1.m12_firmwarerwg1.m8rwg1.m12d_firmwarerwg1.m12drwg1.m8_firmwarerwg1.m12RWG1.M8RWG1.M12RWG1.M12D
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-27556
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 00:56
Updated-30 Jan, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Safer Payments denial of service

IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190.

Action-Not Available
Vendor-IBM Corporation
Product-safer_paymentsSafer Payments
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-57972
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.30% / 88.44%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 00:00
Updated-07 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption and device unusability) by sending many requests through the Device Portal framework.

Action-Not Available
Vendor-Microsoft Corporation
Product-HoloLens
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-52917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.88%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 00:00
Updated-30 Apr, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-bitcoin_coren/abitcoin_core
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-4782
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.68%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-21 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-4781
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.04%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-21 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-46921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.29%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 00:00
Updated-20 Jun, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack).

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_modem_5300_firmwareexynos_1280_firmwareexynos_980_firmwareexynos_9820exynos_1380_firmwareexynos_2400_firmwareexynos_990exynos_modem_5300exynos_9110_firmwareexynos_2100_firmwareexynos_1280exynos_w1000_firmwareexynos_2200exynos_2200_firmwareexynos_1330exynos_2100exynos_modem_5123exynos_1480exynos_modem_5400_firmwareexynos_1380exynos_modem_5400exynos_990_firmwareexynos_modem_5123_firmwareexynos_1330_firmwareexynos_1080_firmwareexynos_1480_firmwareexynos_980exynos_9825exynos_w1000exynos_1080exynos_9820_firmwareexynos_9825_firmwareexynos_9110n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20089
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.11% / 29.78%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 00:00
Updated-25 Oct, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_93108tc-exnexus_9332d-gx2bnx-osnexus_9372pxnexus_9364c-gxnexus_9508nexus_93108tc-fx-24nexus_92304qcnexus_93120txnexus_92160yc-xnexus_93128txnexus_9316d-gxnexus_9336pq_aci_spinenexus_93108tc-ex-24nexus_9408nexus_9372tx-enexus_93108tc-fx3pnexus_93108tc-fxnexus_93360yc-fx2nexus_9364d-gx2anexus_9396txnexus_93180yc-fx3snexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_9336c-fx2nexus_9348gc-fxpnexus_9808nexus_9272qnexus_93180yc-fx-24nexus_9336c-fx2-enexus_9396pxnexus_93216tc-fx2nexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_9348d-gx2anexus_93180yc-exnexus_93600cd-gxnexus_9000vnexus_9372px-enexus_9236cnexus_93180yc-fx3nexus_93180yc-ex-24Cisco NX-OS System Software in ACI Mode
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-22226
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.97%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 02:46
Updated-12 May, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash

In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on the volume of packets received the attacker may be able to create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP, EX4600, QFX5000 Series: 17.1 version 17.1R1 and later versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S7, 19.2R3-S1; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS versions prior to 17.1R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4300-48t-dcqfx5220ex4300-48tafiqfx5210ex4300-24tqfx5110qfx5130ex4650qfx5200ex4300-48t-sex4300mjunosex4300-24t-sex4300-vcex4300-32fex4300-48tex4600-vcex4300-48tdcex4300-48mp-sex4300-48t-dc-afiqfx5120ex4300-48mpex4300-24pex4300qfx5100ex4300-32f-dcex4300-48pex4300-48t-afiex4600ex4300-48tdc-afiex4300-mpex4300-48p-sex4300-24p-sex4300-32f-sqfx5700Junos OS
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-43662
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 23:26
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex300_v2_firmwareex300_v2a720r_firmwarea720rn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-25666
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.66%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time.

Action-Not Available
Vendor-Siemens AG
Product-scalance_w780_firmwarescalance_w740_firmwarescalance_w780scalance_w740SCALANCE W780 and W740 (IEEE 802.11n) family
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-6004
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.04%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-21 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-5209
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-21 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-5210
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-21 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-0242
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.30%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4300: FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured

A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. When this issue occurs, DMA buffer usage keeps increasing and the following error log messages may be observed: Apr 14 14:29:34.360 /kernel: pid 64476 (pfex_junos), uid 0: exited on signal 11 (core dumped) Apr 14 14:29:33.790 init: pfe-manager (PID 64476) terminated by signal number 11. Core dumped! The DMA buffers on the FPC can be monitored by the executing vty command 'show heap': ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 4a46000 268435456 238230496 30204960 11 Kernel 1 18a46000 67108864 17618536 49490328 73 Bcm_sdk 2 23737000 117440512 18414552 99025960 84 DMA buf <<<<< keeps increasing 3 2a737000 16777216 16777216 0 0 DMA desc This issue affects Juniper Networks Junos OS on the EX4300: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosex4300Junos OS
CWE ID-CWE-241
Improper Handling of Unexpected Data Type
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found