Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-20600

Summary
Assigner-Mitsubishi
Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At-08 Oct, 2021 | 16:42
Updated At-03 Aug, 2024 | 17:45
Rejected At-
Credits

Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. System reset is required for recovery.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Mitsubishi
Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At:08 Oct, 2021 | 16:42
Updated At:03 Aug, 2024 | 17:45
Rejected At:
▼CVE Numbering Authority (CNA)

Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. System reset is required for recovery.

Affected Products
Vendor
n/a
Product
Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V
Versions
Affected
  • Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior
Problem Types
TypeCWE IDDescription
textN/AUncontrolled Resource Consumption
Type: text
CWE ID: N/A
Description: Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-015_en.pdf
x_refsource_MISC
https://jvn.jp/vu/JVNVU94914666/index.html
x_refsource_MISC
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04
x_refsource_MISC
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-015_en.pdf
Resource:
x_refsource_MISC
Hyperlink: https://jvn.jp/vu/JVNVU94914666/index.html
Resource:
x_refsource_MISC
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-015_en.pdf
x_refsource_MISC
x_transferred
https://jvn.jp/vu/JVNVU94914666/index.html
x_refsource_MISC
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04
x_refsource_MISC
x_transferred
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-015_en.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://jvn.jp/vu/JVNVU94914666/index.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Published At:08 Oct, 2021 | 17:15
Updated At:16 May, 2023 | 22:50

Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. System reset is required for recovery.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.1HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.1
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CPE Matches

Mitsubishi Electric Corporation
mitsubishielectric
>>r12ccpu-v_firmware>>Versions up to 16(inclusive)
cpe:2.3:o:mitsubishielectric:r12ccpu-v_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishielectric
>>r12ccpu-v>>-
cpe:2.3:h:mitsubishielectric:r12ccpu-v:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU94914666/index.htmlMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-015_en.pdfMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Vendor Advisory
Hyperlink: https://jvn.jp/vu/JVNVU94914666/index.html
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-015_en.pdf
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

99Records found

CVE-2019-13555
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-1.52% / 71.54%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 22:27
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-l02\/06\/26cpul26cpu-pbtq04\/06\/13\/26udpvcpu_firmwarel26cpu-btq04\/06\/13\/26udpvcpuq03\/04\/06\/13\/26udvcpuq03udecpul26cpu-pbt_firmwareq04\/06\/10\/13\/20\/26\/50\/100udehcpuq03udecpu_firmwarel26cpu-bt-cm_firmwareq04\/06\/10\/13\/20\/26\/50\/100udehcpu_firmwarel26cpu-bt-cml02\/06\/26cpu_firmwareq03\/04\/06\/13\/26udvcpu_firmwarel02\/06\/26cpu-p_firmwarel02\/06\/26cpu-cm_firmwarel26cpu-bt_firmwarel02\/06\/26cpu-pl02\/06\/26cpu-cmMitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior. MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior.
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-10972
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.89% / 55.06%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 23:31
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-electric_fr_configurator2Mitsubishi Electric FR Configurator2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-5666
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-8.40% / 94.31%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 00:49
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-r02_firmwaremelsec_iq-r32melsec_iq-r04melsec_iq-r01melsec_iq-r16melsec_iq-r32_firmwaremelsec_iq-r00melsec_iq-r01_firmwaremelsec_iq-r04_firmwaremelsec_iq-r16_firmwaremelsec_iq-r08_firmwaremelsec_iq-r00_firmwaremelsec_iq-r08melsec_iq-r120_firmwaremelsec_iq-r02melsec_iq-r120MELSEC iQ-R Series CPU Modules
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1285
Matching Score-8
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-8
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.14%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 02:17
Updated-06 Feb, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gc-enet-com_firmwaregc-enet-comGC-ENET-COM
CWE ID-CWE-364
Signal Handler Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-22102
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 9.90%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.

Action-Not Available
Vendor-jungon/aMitsubishi Electric Corporation
Product-mx_componentmr_configurator2gt_got2000mi_configuratornumerical_control_device_communicationsw1dnc-qsccf-b_firmwaresw1dnd-emsdk-b_firmwaregt_softgot2000gx_logviewerwindrivermrzjw3-mc2-utl_firmwaregx_works3mx_opc_server_da\/uasw1dnc-ccief-b_firmwaredata_transfer_classicsw0dnc-mneth-bgt_softgot1000gx_developersw1dnc-ccief-j_firmwarepx_developer\/monitor_toolsw1dnc-ccief-jsw1dnc-qsccf-bgenesis64sw1dnd-emsdk-bcw_configuratorsw1dnc-ccbd2-bsw1dnc-mnetg-bezsocketgx_works2cpu_module_logging_configuration_toolfr_configurator_sw3fr_configurator2iq_workssw1dnc-mnetg-b_firmwaresw1dnc-ccbd2-b_firmwaremr_configuratordata_transferrt_visualboxmrzjw3-mc2-utlgt_got1000sw0dnc-mneth-b_firmwaresw1dnc-ccief-brt_toolbox3n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-22104
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 14.20%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-01 Aug, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Action-Not Available
Vendor-jungon/ajungoMitsubishi Electric Corporation
Product-gt_got2000rt_visualboxfr_configurator_sw3mx_opc_server_da\/uasw1dnc-qsccf-bgx_works3sw1dnc-mnetg-b_firmwaregenesis64sw0dnc-mneth-bgt_got1000data_transfermrzjw3-mc2-utl_firmwaresw1dnc-mnetg-bezsocketsw0dnc-mneth-b_firmwaresw1dnc-ccbd2-b_firmwaresw1dnc-qsccf-b_firmwaresw1dnc-ccief-jgt_softgot1000sw1dnc-ccief-bsw1dnc-ccbd2-brt_toolbox3sw1dnc-ccief-b_firmwarefr_configurator2mx_componentsw1dnd-emsdk-bnumerical_control_device_communicationgx_logviewermr_configuratorsw1dnc-ccief-j_firmwarecw_configuratorwindrivercpu_module_logging_configuration_tooldata_transfer_classicgt_softgot2000px_developer\/monitor_toolgx_works2sw1dnd-emsdk-b_firmwaremr_configurator2mi_configuratoriq_worksmrzjw3-mc2-utlgx_developern/awindriver
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16850
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.12% / 79.60%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 21:34
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-r08sfcpur16mtcpu_firmwarer04cpu_firmwarer64mtcpur16sfcpu_firmwarer16mtcpur04cpur32pcpur08cpur64mtcpu_firmwarer08pcpur00cpu_firmwarer32mtcpu_firmwarer08pcpu_firmwarer02cpu_firmwarer32mtcpur16sfcpur16cpu_firmwarer16pcpur120cpu_firmwarer32cpu_firmwarer00cpur08sfcpu_firmwarer120cpur32sfcpu_firmwarer32sfcpur01cpur32pcpu_firmwarer01cpu_firmwarer16cpur08cpu_firmwarer16pcpu_firmwarer02cpur120pcpu_firmwarer120sfcpur120sfcpu_firmwarer32cpur120pcpun/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13238
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.34% / 87.17%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 19:53
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-melsec_iq-r01cpu_firmwaremelsec_iq-r120fcpumelsec_iq-r32cpu_firmwaremelsec_iq-r08fcpumelsec_iq-r16cpumelsec_iq-r32pcpu_firmwaremelsec_iq-r32pcpumelsec_iq-r32cpumelsec_iq-r32fcpu_firmwaremelsec_iq-r08sfcpu_firmwaremelsec_iq-r04cpu_firmwaremelsec_iq-r08pcpumelsec_iq-r16cpu_firmwaremelsec_iq-rj71en71_firmwaremelsec_iq-r120pcpu_firmwaremelsec_iq-r00cpumelsec_iq-r16fcpu_firmwaremelsec_iq-r08cpumelsec_iq-r00cpu_firmwaremelsec_iq-r16sfcpumelsec_iq-r32fcpumelsec_iq-rj71en71melsec_iq-r16pcpumelsec_iq-r16pcpu_firmwaremelsec_iq-r120sfcpumelsec_iq-r120sfcpu_firmwaremelsec_iq-r120cpumelsec_iq-r32sfcpu_firmwaremelsec_iq-r16fcpumelsec_iq-r08cpu_firmwaremelsec_iq-r08pcpu_firmwaremelsec_iq-r120cpu_firmwaremelsec_iq-r01cpumelsec_iq-r02cpumelsec_iq-r08fcpu_firmwaremelsec_iq-r02cpu_firmwaremelsec_iq-r120pcpumelsec_iq-r16sfcpu_firmwaremelsec_iq-r32sfcpumelsec_iq-r120fcpu_firmwaremelsec_iq-r04cpumelsec_iq-r08sfcpun/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6535
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-4.27% / 89.90%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 19:00
Updated-26 Jun, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mitsubishi Electric MELSEC-Q Series PLCs Resource Exhaustion

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-q03udecpuq04udvcpuq100udehcpu_firmwareq13udpvcpu_firmwareq06udvcpuq06udvcpu_firmwareq06udpvcpu_firmwareq06udehcpu_firmwareq20udehcpu_firmwareq50udehcpu_firmwareq50udehcpuq04udehcpuq26udvcpuq13udvcpuq06udpvcpuq26udvcpu_firmwareq04udpvcpu_firmwareq03udvcpu_firmwareq13udehcpu_firmwareq100udehcpuq26udpvcpuq03udecpu_firmwareq10udehcpu_firmwareq20udehcpuq26udehcpuq10udehcpuq04udvcpu_firmwareq04udpvcpuq06udehcpuq03udvcpuq13udvcpu_firmwareq26udpvcpu_firmwareq26udehcpu_firmwareq04udehcpu_firmwareq13udpvcpuq13udehcpuQ04/06/13/26UDPVCPUQ03/04/06/13/26UDVCPUQ03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-10977
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-3.54% / 87.87%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 13:28
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-qj71e71-100_firmwareqj71e71-100MELSEC-Q series Ethernet module
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-20591
Matching Score-6
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-6
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-1.50% / 71.10%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:52
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-r08sfcpur04cpu_firmwarer120psfcpu_firmwarer16sfcpu_firmwarer04cpur32pcpur08cpur16psfcpur08pcpur00cpu_firmwarer08pcpu_firmwarer02cpu_firmwarer16sfcpur16cpu_firmwarer16pcpur120cpu_firmwarer32cpu_firmwarer00cpur120psfcpur08sfcpu_firmwarer32psfcpu_firmwarer16psfcpu_firmwarer120cpur32sfcpu_firmwarer32sfcpur01cpur32pcpu_firmwarer01cpu_firmwarer08psfcpu_firmwarer08psfcpur16cpur08cpu_firmwarer16pcpu_firmwarer02cpur120pcpu_firmwarer120sfcpur32psfcpur120sfcpu_firmwarer32cpur120pcpuMELSEC iQ-R series CPU modules
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5652
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.53% / 87.84%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_l02cpu-pmelsec_l26cpu-pmelsec_q-q170mscpu-s1_firmwaremelsec_iq-r01cpu_firmwaremelsec_iq-r120psfcpumelsec_q-q26udvcpu_firmwaremelsec_iq-r32pcpumelsec_iq-r32mtcpumelsec_q-q172dscpu_firmwaremelsec_iq-r08sfcpu_firmwaremelsec_q-q04udehcpumelsec_q-q20udehcpumelsec_q-q04udvcpu_firmwaremelsec_q-q03udvcpumelsec_q-q04udpvcpumelsec_iq-r00cpumelsec_iq-r32encpumelsec_q-q173dcpu-s1_firmwaremelsec_iq-r32encpu_firmwaremelsec_q-q26udvcpumelsec_q-q50udehcpu_firmwaremelsec_iq-r120encpumelsec_iq-r16sfcpumelsec_iq-r16encpumelsec_q-q03udecpu_firmwaremelsec_q-q26udpvcpu_firmwaremelsec_iq-r16pcpumelsec_q-q172dscpumelsec_q-q06udehcpumelsec_q-q26udehcpumelsec_iq-r16psfcpumelsec_q-q173dscpumelsec_q-q20udehcpu_firmwaremelsec_iq-r08pcpu_firmwaremelsec_q-q170mcpumelsec_iq-r32psfcpumelsec_l06cpu-p_firmwaremelsec_iq-r32mtcpu_firmwaremelsec_q-q13udpvcpumelsec_iq-r02cpumelsec_iq-r01cpumelsec_iq-r32sfcpumelsec_iq-r16sfcpu_firmwaremelsec_iq-r120pcpumelsec_l26cpu-p_firmwaremelsec_iq-r120encpu_firmwaremelsec_q-q04udvcpumelsec_q-q13udpvcpu_firmwaremelsec_q-q03udvcpu_firmwaremelsec_iq-r08sfcpumelsec_iq-r08psfcpu_firmwaremelsec_q-q04udpvcpu_firmwaremelsec_l06cpu-pmelsec_q-q03udecpumelsec_iq-r16mtcpumelsec_q-q06udpvcpumelsec_iq-r32pcpu_firmwaremelsec_iq-r16encpu_firmwaremelsec_q-q172dcpu-s1melsec_q-q100udehcpumelsec_iq-r04encpumelsec_q-q100udehcpu_firmwaremelsec_iq-r64mtcpu_firmwaremelsec_iq-r32psfcpu_firmwaremelsec_q-q10udehcpu_firmwaremelsec_q-q170mcpu_firmwaremelsec_q-q04udehcpu_firmwaremelsec_iq-r04encpu_firmwaremelsec_q-q50udehcpumelsec_iq-r08pcpumelsec_l02cpu-p_firmwaremelsec_q-qmr-mq100_firmwaremelsec_iq-r08encpu_firmwaremelsec_iq-r120pcpu_firmwaremelsec_q-q173dcpu-s1melsec_q-q172dcpu-s1_firmwaremelsec_l26cpu-pbtmelsec_iq-r120psfcpu_firmwaremelsec_iq-r00cpu_firmwaremelsec_q-q170mscpu-s1melsec_iq-r64mtcpumelsec_q-q13udvcpumelsec_iq-r08encpumelsec_q-q173dscpu_firmwaremelsec_iq-r16mtcpu_firmwaremelsec_iq-r16pcpu_firmwaremelsec_q-q10udehcpumelsec_iq-r120sfcpumelsec_iq-r120sfcpu_firmwaremelsec_q-q13udehcpu_firmwaremelsec_l26cpu-pbt_firmwaremelsec_q-q13udvcpu_firmwaremelsec_iq-r32sfcpu_firmwaremelsec_q-qmr-mq100melsec_q-q26udpvcpumelsec_q-q06udpvcpu_firmwaremelsec_q-q06udehcpu_firmwaremelsec_q-q26udehcpu_firmwaremelsec_q-q13udehcpumelsec_iq-r02cpu_firmwaremelsec_iq-r16psfcpu_firmwaremelsec_iq-r08psfcpuMELSEC iQ-R, Q and L series
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5668
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-4.73% / 90.76%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 03:30
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-r08sfcpur04cpu_firmwarerj71gp21-sx_firmwarer120psfcpu_firmwarer16sfcpu_firmwarerj71gp21s-sx_firmwarerj72gf15-t2_firmwarer04cpur32pcpur08cpur16psfcpurj71gf11-t2_firmwarer08pcpurj71gp21-sxrj71c24-r4_firmwarerj71en71_firmwarerj71c24-r2r00cpu_firmwarer08pcpu_firmwarer02cpu_firmwarerj71gn11-t2r16sfcpur16cpu_firmwarer16pcpurj71gf11-t2r120cpu_firmwarer32cpu_firmwarer00cpur120psfcpur08sfcpu_firmwarer32psfcpu_firmwarer16psfcpu_firmwarerj71en71r120cpur32sfcpu_firmwarer32sfcpurj72gf15-t2r01cpur32pcpu_firmwarer01cpu_firmwarer08psfcpu_firmwarer08psfcpurj71c24-r2_firmwarer16cpur08cpu_firmwarerj71gn11-t2_firmwarer16pcpu_firmwarer02cpurj71gp21s-sxr120pcpu_firmwarerj71c24-r4r120sfcpur32psfcpur120sfcpu_firmwarer32cpur120pcpuMELSEC iQ-R
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5603
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.65%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 10:20
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsoft_fielddeviceconfiguratorm_commdtm-hartgx_works3melfa-worksmelsoft_iq_appportalgt_designer3gx_logviewermt_works2motion_control_settingcw_configuratormelsec-l_flexible_high-speed_i\/o_control_module_configuration_toolcpu_module_logging_configuration_toolmelsoft_navigatorgx_works2m_commdtm-io-linkmr_configurator2mi_configuratorrt_toolbox2em_configuratorrt_toolbox3Mitsubishi Electoric FA Engineering Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-5527
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.65%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 07:10
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-l06cpu_firmwarel02scpu-p_firmwarer04cpu_firmwarel26cpu-pq172dscpu_firmwareq25prhcpu_firmwareq26dhccpu-lsl26cpu-btl26cpu-pbt_firmwareq12prhcpufx3ur04cpul02cpufx5uj_firmwarefx3sq12phcpuq02phcpu_firmwarefx5uq24dhccpu-vr02cpu_firmwarel06cpu-pr16cpu_firmwarer120cpu_firmwarefx3gc_firmwarer32cpu_firmwarefx5ujr00cpul02cpu-pfx3u_firmwarer16encpu_firmwareq24dhccpu-vg2l02cpu_firmwarecr800-q_firmwarer04encpuq173dscpu_firmwarer16cpufx3s_firmwareq26dhccpu-ls_firmwarer08encpufx5u_firmwareq12dccpu-vq12phcpu_firmwareq24dhccpu-lsq06phcpu_firmwarer32cpufx3gq25phcpu_firmwarer120encpur08cpul26cpu-p_firmwareq24dhccpu-vg2_firmwarefx5ucr00cpu_firmwarer16encpul26cpul02scpuq24dhccpu-v_firmwarer32encpu_firmwareq173dscpufx3uc_firmwareq25prhcpuq173nccpu_firmwarel06cpu-p_firmwarer08encpu_firmwareq25phcpuq12prhcpu_firmwarefx5uc_firmwarefx3gcr32encpul26cpu-pbtr120cpucr800-qr01cpur04encpu_firmwareq02phcpur01cpu_firmwareq172dscpul02scpu-pr08cpu_firmwarer120encpu_firmwarel02scpu_firmwareq24dhccpu-ls_firmwarer02cpufx3ucl02cpu-p_firmwareq06phcpul26cpu-bt_firmwarel26cpu_firmwarel06cpufx3g_firmwareq173nccpuq12dccpu-v_firmwareMELSOFT transmission port (UDP/IP) of multiple Mitsubishi Electric MELSEC series
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-9358
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6||MEDIUM
EPSS-0.74% / 50.21%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 01:00
Updated-03 Dec, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ThingsBoard HTTP RPC API resource consumption

A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024.

Action-Not Available
Vendor-thingsboardn/a
Product-thingsboardThingsBoard
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-11530
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.05% / 78.94%
||
7 Day CHG~0.00%
Published-23 Jul, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-20882
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-5.9||MEDIUM
EPSS-0.59% / 43.76%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-16 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.

Action-Not Available
Vendor-n/aCloud Foundry
Product-routing_releasecf-deploymentCloud Foundry Routing release
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-12140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.23% / 80.61%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2017-11526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.92% / 85.32%
||
7 Day CHG~0.00%
Published-23 Jul, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-11527
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.77% / 75.43%
||
7 Day CHG~0.00%
Published-23 Jul, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-1000476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.85% / 84.99%
||
7 Day CHG~0.00%
Published-03 Jan, 2018 | 18:00
Updated-05 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-6172
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.82% / 88.79%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

Action-Not Available
Vendor-powerdnsn/aopenSUSE
Product-leapauthoritative_serveropensusen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-4570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.59% / 72.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

Action-Not Available
Vendor-mini-xml_projectn/aDebian GNU/Linux
Product-debian_linuxmini-xmln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-4571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.59% / 72.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

Action-Not Available
Vendor-mini-xml_projectn/aDebian GNU/Linux
Product-debian_linuxmini-xmln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-9320
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 24.17%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:53
Updated-23 Jun, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.IBM Corporation
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2004-1464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-5.13% / 91.38%
||
7 Day CHG~0.00%
Published-13 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-09||Apply updates per vendor instructions.

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/aIOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-10047
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.73% / 74.82%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-0004
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.25% / 65.70%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Kernel Denial of Service Vulnerability

A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) If the following entry exists in the RE message logs then this may indicate the issue is present. This entry may or may not appear when this issue occurs. /kernel: Expensive timeout(9) function: Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-10058
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.58% / 72.62%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-28176
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-2.08% / 79.30%
||
7 Day CHG~0.00%
Published-09 Mar, 2024 | 00:43
Updated-05 Dec, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.

Action-Not Available
Vendor-jose_projectpanvaFedora Project
Product-josefedorajose
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-39280
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.98% / 57.99%
||
7 Day CHG~0.00%
Published-06 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression denial of service in dparse

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.

Action-Not Available
Vendor-pyuppyupio
Product-dependency_parserdparse
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-1765
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.18% / 63.74%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 18:04
Updated-06 Aug, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche

Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker.  quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-quichequiche
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-45680
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 23.71%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:24
Updated-03 Jun, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. This issue has been patched in version 0.9.0.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-ebpf_instrumentationopentelemetry-ebpf-instrumentation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-834
Excessive Iteration
CVE-2020-14340
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-2.22% / 80.53%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 12:04
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

Action-Not Available
Vendor-n/aOracle CorporationRed Hat, Inc.
Product-jboss_data_gridcommunications_cloud_native_core_service_communication_proxycommunications_cloud_native_core_consolecommunications_cloud_native_core_security_edge_protection_proxyjboss_fusecommunications_cloud_native_core_unified_data_repositorycommunications_cloud_native_core_network_repository_functionjboss_data_virtualizationxniojboss_soa_platformjboss_brmsjboss_enterprise_application_platformjboss_operations_networkcommunications_cloud_native_core_policyXNIO
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-41711
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-5.9||MEDIUM
EPSS-0.28% / 19.79%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 23:48
Updated-27 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Denial of Service through crafted Sort Parameters

Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Broadcom Inc.
Product-spring_data_commonsSpring Data Commons
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-39865
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.73% / 49.82%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 14:25
Updated-27 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability exists in the Http2Sessions.getSession() method in lib/adapters/http.js. The session cleanup logic contains a control flow error when removing sessions from the sessions array. This vulnerability is fixed in 1.13.2.

Action-Not Available
Vendor-axiosaxios
Product-axiosaxios
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-662
Improper Synchronization
CVE-2019-9717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.28% / 66.43%
||
7 Day CHG~0.00%
Published-19 Sep, 2019 | 20:28
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.

Action-Not Available
Vendor-libavn/a
Product-libavn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-0157
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.86%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 16:59
Updated-04 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

Action-Not Available
Vendor-Dell Inc.
Product-storage_monitoring_and_reportingstorage_resource_managerDell Storage Resource Manager
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-384
Session Fixation
CVE-2026-33610
Matching Score-4
Assigner-Open-Xchange
ShareView Details
Matching Score-4
Assigner-Open-Xchange
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 31.26%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 14:00
Updated-24 Apr, 2026 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible file descriptor exhaustion in forward-dnsupdate

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.

Action-Not Available
Vendor-powerdnsPowerDNS
Product-authoritativeAuthoritative
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-50019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.64% / 46.05%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-40692
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.07% / 60.92%
||
7 Day CHG~0.00%
Published-03 Dec, 2023 | 23:51
Updated-13 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-23184
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-1.94% / 77.70%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 09:35
Updated-15 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: Denial of Service vulnerability with temporary files

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxfApache CXF
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-41721
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-5.9||MEDIUM
EPSS-0.33% / 25.00%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 23:48
Updated-30 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spring Data Commons Denial of Service via Data Binding

Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Broadcom Inc.
Product-spring_data_commonsSpring Data Commons
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-36064
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.10% / 61.59%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 20:55
Updated-22 Apr, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shescape Inefficient Regular Expression Complexity vulnerability

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells `Bash` and `Dash`, or any not-officially-supported Unix shell; and/or using the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. An attacker can cause polynomial backtracking or quadratic runtime in terms of the input string length due to two Regular Expressions in Shescape that are vulnerable to Regular Expression Denial of Service (ReDoS). This bug has been patched in v1.5.10. For `Dash` only, this bug has been patched since v1.5.9. As a workaround, a maximum length can be enforced on input strings to Shescape to reduce the impact of the vulnerability. It is not recommended to try and detect vulnerable input strings, as the logic for this may end up being vulnerable to ReDoS itself.

Action-Not Available
Vendor-shescape_projectericcornelissen
Product-shescapeshescape
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-15961
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.14% / 86.31%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 19:05
Updated-15 Nov, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Action-Not Available
Vendor-Debian GNU/LinuxClamAVCanonical Ltd.Cisco Systems, Inc.
Product-ubuntu_linuxemail_security_appliance_firmwareclamavdebian_linuxClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-3885
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.47% / 70.66%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Detection Engine
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-8184
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-5.9||MEDIUM
EPSS-1.04% / 59.75%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 15:09
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-jettyJetty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-38737
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.79% / 51.87%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 18:07
Updated-02 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server Liberty
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-3782
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-5.9||MEDIUM
EPSS-0.60% / 44.54%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 20:57
Updated-28 Oct, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

Action-Not Available
Vendor-squareup
Product-okhttp-brotli
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • Next
Details not found