Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-20609

Summary
Assigner-Mitsubishi
Assigner Org ID-e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At-01 Dec, 2021 | 15:41
Updated At-03 Aug, 2024 | 17:45
Rejected At-
Credits

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Mitsubishi
Assigner Org ID:e0f77b61-78fd-4786-b3fb-1ee347a748ad
Published At:01 Dec, 2021 | 15:41
Updated At:03 Aug, 2024 | 17:45
Rejected At:
▼CVE Numbering Authority (CNA)

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Affected Products
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R00CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "24" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R01CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "24" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R02CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "24" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R04CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120CPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R04ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120ENCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "57" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "26" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "26" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "26" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120SFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "26" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08PCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16PCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32PCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120PCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "29" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R08PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R120PSFCPU
Default Status
unaffected
Versions
Affected
  • Firmware versions "08" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R16MTCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "23" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R32MTCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "23" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R64MTCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "23" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC iQ-R Series R12CCPU-V
Default Status
unaffected
Versions
Affected
  • Firmware versions "16" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q03UDECPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q04UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q06UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q10UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q13UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q20UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q26UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q50UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q100UDEHCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q03UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q04UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q06UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q13UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q26UDVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q04UDPVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q06UDPVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q13UDPVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q26UDPVCPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23071" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q12DCCPU-V
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q24DHCCPU-V
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q24DHCCPU-VG
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q24DHCCPU-LS
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q26DHCCPU-LS
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "24031" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series MR-MQ100
Default Status
unaffected
Versions
Affected
  • Operating system software version "F" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q172DCPU-S1
Default Status
unaffected
Versions
Affected
  • Operating system software version "W" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q173DCPU-S1
Default Status
unaffected
Versions
Affected
  • Operating system software version "W" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q172DSCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "Y" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q173DSCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "Y" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q170MCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "W" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q170MSCPU
Default Status
unaffected
Versions
Affected
  • Operating system software version "Y" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC Q Series Q170MSCPU-S1
Default Status
unaffected
Versions
Affected
  • Operating system software version "Y" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L02CPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L06CPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L26CPU
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L02CPU-P
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L06CPU-P
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L26CPU-P
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L26CPU-BT
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELSEC L Series L26CPU-PBT
Default Status
unaffected
Versions
Affected
  • The first 5 digits of serial No. "23121" and prior
Vendor
Mitsubishi Electric CorporationMitsubishi Electric Corporation
Product
MELIPC Series MI5122-VW
Default Status
unaffected
Versions
Affected
  • Firmware versions "05" and prior
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ADenial of Service
CAPEC ID: N/A
Description: Denial of Service
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
vendor-advisory
https://jvn.jp/vu/JVNVU94434051/index.html
government-resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
government-resource
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
Resource:
vendor-advisory
Hyperlink: https://jvn.jp/vu/JVNVU94434051/index.html
Resource:
government-resource
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Resource:
government-resource
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
vendor-advisory
x_transferred
https://jvn.jp/vu/JVNVU94434051/index.html
government-resource
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
government-resource
x_transferred
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
Resource:
vendor-advisory
x_transferred
Hyperlink: https://jvn.jp/vu/JVNVU94434051/index.html
Resource:
government-resource
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Resource:
government-resource
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Published At:01 Dec, 2021 | 16:15
Updated At:09 Nov, 2023 | 09:15

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches

Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r00_cpu_firmware>>Versions up to 24(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r00_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r01_cpu_firmware>>Versions up to 24(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r01_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r01_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r02_cpu_firmware>>Versions up to 24(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r02_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r02_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_cpu_firmware>>Versions up to 57(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_cpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_cpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r04_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r04_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r04_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_pcpu_firmware>>Versions up to 29(inclusive)
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_pcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_pcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_pcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r08_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r08_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r08_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_sfcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r120_sfcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r120_sfcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r120_sfcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_mtcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r16_mtcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r16_mtcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r16_mtcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_mtcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r32_mtcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r32_mtcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r32_mtcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r64_mtcpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r64_mtcpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r64_mtcpu>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r64_mtcpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r12_ccpu-v_firmware>>*
cpe:2.3:o:mitsubishi:melsec_iq-r_r12_ccpu-v_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_iq-r_r12_ccpu-v>>-
cpe:2.3:h:mitsubishi:melsec_iq-r_r12_ccpu-v:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q03udecpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_q03udecpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q03udecpu>>-
cpe:2.3:h:mitsubishi:melsec_q03udecpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q04udecpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_q04udecpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q04udecpu>>-
cpe:2.3:h:mitsubishi:melsec_q04udecpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q06udecpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_q06udecpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q06udecpu>>-
cpe:2.3:h:mitsubishi:melsec_q06udecpu:-:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q10udecpu_firmware>>*
cpe:2.3:o:mitsubishi:melsec_q10udecpu_firmware:*:*:*:*:*:*:*:*
Mitsubishi Electric Corporation
mitsubishi
>>melsec_q10udecpu>>-
cpe:2.3:h:mitsubishi:melsec_q10udecpu:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE-400SecondaryMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU94434051/index.htmlMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Third Party Advisory
US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdfMitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Vendor Advisory
Hyperlink: https://jvn.jp/vu/JVNVU94434051/index.html
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-019_en.pdf
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1441Records found

CVE-2023-20155
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.67% / 47.45%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 16:48
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1992
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-4.62% / 90.57%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxWireshark Foundation
Product-fedoradebian_linuxwiresharkWireshark
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1580
Matching Score-4
Assigner-Devolutions Inc.
ShareView Details
Matching Score-4
Assigner-Devolutions Inc.
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.17%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 17:49
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable.

Action-Not Available
Vendor-Devolutions
Product-devolutions_gatewayGateway
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1605
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.29%
||
7 Day CHG-0.01%
Published-23 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in radareorg/radare2

Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1733
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.24% / 65.59%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-20051
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.87% / 54.27%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-28 Oct, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Packet Data Network Gateway IPsec ICMP Denial of Service Vulnerability

A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_5000packet_data_network_gatewayasr_5500asr_5700Cisco ASR 5000 Series Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-40634
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.39% / 69.05%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 17:22
Updated-09 Jan, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue poses a high risk to the availability of Argo CD deployments. This vulnerability is fixed in 2.11.6, 2.10.15, and 2.9.20.

Action-Not Available
Vendor-argoprojargoprojargoproj
Product-argo_cdargo-cdargo-cd
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-41727
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.48% / 38.03%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:32
Updated-20 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TMM vulnerability

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_automation_toolchainbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerr2000big-ip_edge_gatewaybig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_link_controllerr4000big-ip_application_visibility_and_reportingbig-ip_container_ingress_servicesbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-9137
Matching Score-4
Assigner-Computer Incident Response Center Luxembourg (CIRCL)
ShareView Details
Matching Score-4
Assigner-Computer Incident Response Center Luxembourg (CIRCL)
CVSS Score-5.1||MEDIUM
EPSS-0.36% / 28.50%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 18:43
Updated-22 Jun, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.

Action-Not Available
Vendor-misp-projectmisp
Product-mispmisp
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2006-7229
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 84.75%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.

Action-Not Available
Vendor-n/aUbuntu
Product-linux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-0662
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-7.5||HIGH
EPSS-1.41% / 69.36%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 06:24
Updated-18 Mar, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS vulnerability when parsing multipart request body

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.

Action-Not Available
Vendor-The PHP Group
Product-phpPHP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-0384
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 52.30%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 08:02
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consuption in M-Files Server

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_serverM-Files Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-0518
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.22% / 64.92%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2006-5708
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 58.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.

Action-Not Available
Vendor-alt-nn/a
Product-mdaemonn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-4068
Matching Score-4
Assigner-Checkmarx
ShareView Details
Matching Score-4
Assigner-Checkmarx
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.63%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 10:06
Updated-31 Dec, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Exhaustion in braces

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Action-Not Available
Vendor-jonschlinkertmicromatchmicromatch
Product-bracesbracesbraces
CWE ID-CWE-1050
Excessive Platform Resource Consumption within a Loop
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-0383
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 53.76%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 08:00
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consuption in M-Files Server

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_serverM-Files Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41123
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.28% / 66.58%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 14:18
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
REXML DoS vulnerability

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Action-Not Available
Vendor-Ruby
Product-rexmlrexmlrexml
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-11521
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.33% / 81.47%
||
7 Day CHG~0.00%
Published-22 Jul, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.

Action-Not Available
Vendor-resiprocaten/aDebian GNU/Linux
Product-debian_linuxresiprocaten/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-9071
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.20%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:47
Updated-23 Jun, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by Uncontrolled Resource Consumption

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.IBM Corporation
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-26289
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.15% / 79.86%
||
7 Day CHG~0.00%
Published-28 Dec, 2020 | 18:50
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression Denial of Service in date-and-time

date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.

Action-Not Available
Vendor-date-and-time_projectknowledgecode
Product-date-and-timedate-and-time
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-4952
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.72% / 49.36%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 02:00
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OmniSharp csharp-language-server-protocol JSON Serializer SerializerBase.cs CreateSerializerSettings resource consumption

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected component. VDB-234238 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-dotnetfoundationOmniSharp
Product-c\#_language_server_protocolcsharp-language-server-protocol
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-39693
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.61%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 19:54
Updated-10 Sep, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Next.js Denial of Service (DoS) condition

Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later.

Action-Not Available
Vendor-vercelvercelvercel
Product-next.jsnext.jsnext.js
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-39551
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.48% / 37.69%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 16:29
Updated-23 Jan, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of  Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).  Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command.   user@host> show usp memory segment sha data objcache jsf  This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:  *  20.4 before 20.4R3-S10,  *  21.2 before 21.2R3-S6,  *  21.3 before 21.3R3-S5,  *  21.4 before 21.4R3-S6,  *  22.1 before 22.1R3-S4,  *  22.2 before 22.2R3-S2,  *  22.3 before 22.3R3-S1,  *  22.4 before 22.4R3,  *  23.2 before 23.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200mx2008srx5600mx2010srx4700srx4100srx1500srx5400srx300srx340mx10008mx960junosms-mpcsrx320mx480srx4600srx5800mx2020mx-spc3srx4120mx304mx204mx10004srx4300ms-micmx240srx2300srx380srx1600Junos OSjunos_os
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2007-20001
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.42%
||
7 Day CHG-0.01%
Published-06 Feb, 2022 | 20:19
Updated-07 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20.

Action-Not Available
Vendor-starwindsoftwaren/a
Product-iscsi_sann/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-48571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 55.68%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.

Action-Not Available
Vendor-memcachedn/a
Product-memcachedn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-48351
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.61%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-24 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-39548
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.49% / 38.64%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 16:26
Updated-23 Jan, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Receipt of specific packets in the aftmand process will lead to a memory leak

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted. This issue affects both IPv4 and IPv6.  Changes in memory usage can be monitored using the following CLI command: user@device> show system memory node <fpc slot> | grep evo-aftmann This issue affects Junos OS Evolved:  * All versions before 21.2R3-S8-EVO,  * 21.3 versions before 21.3R3-S5-EVO,  * 21.4 versions before 21.4R3-S5-EVO,  * 22.1 versions before 22.1R3-S4-EVO,  * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO,  * 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolvedjunos_os_evolved
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-4767
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.6||HIGH
EPSS-0.68% / 47.82%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in usememos/memos

Denial of Service in GitHub repository usememos/memos prior to 0.9.1.

Action-Not Available
Vendor-Usememos
Product-memosusememos/memos
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-10608
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-7.82% / 93.95%
||
7 Day CHG~0.00%
Published-24 Jul, 2018 | 13:00
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required.

Action-Not Available
Vendor-Schweitzer Engineering Laboratories, Inc. (SEL)
Product-acselerator_architectAcSELerator Architect
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-48748
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.43%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 11:13
Updated-11 May, 2026 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: bridge: vlan: fix memory leak in __allowed_ingress

In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port state is forwarding and the pvid state is not learning/forwarding, untagged or priority-tagged frame will be dropped but skb memory is not freed. Should free skb when __allowed_ingress returns false.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinuxlinux_kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-29490
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.48% / 70.82%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-4899
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.59% / 72.67%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Action-Not Available
Vendor-n/aFacebook
Product-zstandardzstd
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-46315
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.13%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosEMUIHarmonyOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38068
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 83.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-54605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.32%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 00:00
Updated-07 Nov, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-bitcoin_coren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38067
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 83.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-46352
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.27%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products.

Action-Not Available
Vendor-Siemens AG
Product-6gk5204-0bs00-3pa36gk5204-0ba00-2mb2_firmware6gk5204-0ba00-2kb2_firmware6gk5204-0ba00-2mb26gk5204-0ba00-2kb26gk5204-0bs00-3la3_firmware6gk5204-0bs00-2na3_firmware6gk5204-0bs00-3pa3_firmware6gk5204-0bs00-2na36gk5204-0bs00-3la3SCALANCE X204RNA (HSR)SCALANCE X204RNA EEC (PRP/HSR)SCALANCE X204RNA EEC (PRP)SCALANCE X204RNA EEC (HSR)SCALANCE X204RNA (PRP)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38236
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.30% / 81.22%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Denial of Service Vulnerability

DHCP Server Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38015
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 82.32%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-10070
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.99% / 95.85%
||
7 Day CHG~0.00%
Published-16 Apr, 2018 | 21:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.

Action-Not Available
Vendor-n/aMikroTik
Product-routerrouter_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-45044
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.70% / 48.62%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-11 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_7sj82_firmwaresiprotec_5_7sl82siprotec_5_7sj86_firmwaresiprotec_5_7sk82_firmwaresiprotec_5_7ke85siprotec_5_6md86_firmwaresiprotec_5_communication_module_ethba2el_firmwaresiprotec_5_7ve85siprotec_5_7sd86siprotec_5_7ut85_firmwaresiprotec_5_7vk87siprotec_5_7sj85_firmwaresiprotec_5_7sl87siprotec_5_7sj86siprotec_5_6md86siprotec_5_7vk87_firmwaresiprotec_5_7sa86siprotec_5_compact_7sx800siprotec_5_7ut87_firmwaresiprotec_5_7sl86siprotec_5_7sk85siprotec_5_7sj81siprotec_5_communication_module_ethbd2fo_firmwaresiprotec_5_7sk82siprotec_5_6md85_firmwaresiprotec_5_7ut82_firmwaresiprotec_5_compact_7sx800_firmwaresiprotec_5_7st85siprotec_5_7um85siprotec_5_communication_module_ethbb2fosiprotec_5_6md89_firmwaresiprotec_5_7ut85siprotec_5_7sa82siprotec_5_7sa87_firmwaresiprotec_5_7sj85siprotec_5_communication_module_ethbb2fo_firmwaresiprotec_5_7sj82siprotec_5_7sl87_firmwaresiprotec_5_7sd87siprotec_5_7ve85_firmwaresiprotec_5_7sa82_firmwaresiprotec_5_7ut86siprotec_5_7st85_firmwaresiprotec_5_7sa87siprotec_5_6mu85siprotec_5_7sx85_firmwaresiprotec_5_6mu85_firmwaresiprotec_5_6md89siprotec_5_7um85_firmwaresiprotec_5_7sd82_firmwaresiprotec_5_7ut87siprotec_5_7ut86_firmwaresiprotec_5_7ss85_firmwaresiprotec_5_7sx85siprotec_5_7ke85_firmwaresiprotec_5_6md85siprotec_5_7sl82_firmwaresiprotec_5_7sk85_firmwaresiprotec_5_7sl86_firmwaresiprotec_5_7ut82siprotec_5_7sd82siprotec_5_communication_module_ethba2elsiprotec_5_7sj81_firmwaresiprotec_5_7sd86_firmwaresiprotec_5_communication_module_ethbd2fosiprotec_5_7sa86_firmwaresiprotec_5_7ss85siprotec_5_7sd87_firmwareSIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SD84 (CP200)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7SD86 (CP200)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 Communication Module ETH-BD-2FOSIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SA84 (CP200)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SA87 (CP200)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38031
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 83.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-9496
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.59%
||
7 Day CHG+0.01%
Published-26 May, 2026 | 05:00
Updated-27 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.

Action-Not Available
Vendor-n/a
Product-pacoteorg.webjars.npm:pacote
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38149
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.18% / 80.17%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BranchCache Denial of Service Vulnerability

BranchCache Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-28944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.57% / 72.38%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:06
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.

Action-Not Available
Vendor-n/aOpen-Xchange AG
Product-ox_guardn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-54730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.51%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-45003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 59.72%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.

Action-Not Available
Vendor-getgophishn/a
Product-gophishn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38168
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.70% / 84.12%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022.netMicrosoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.8.NET 8.0Microsoft Visual Studio 2022 version 17.10
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43780
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.05%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 17:42
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.

Action-Not Available
Vendor-HP Inc.
Product-m2u94b_firmwarez4b27az4a73a_firmwarez4a59a_firmwarez4b29a_firmwarez4a59am2u85bm2u85b_firmwarem2u92a_firmwarez4a70am2u89bz4a71az4a70a_firmwarem2u84a_firmwarem2u81b_firmwarem2u86b_firmwarem2u86cm2u91am2u86bz4b14am2u91bz4a74am2u92b_firmwarem2u81a_firmwarem2u91b_firmwarez4b28az4b29am2u92az4b12a_firmwarem2u81am2u87a_firmwarez4a69a_firmwarez4a60az4b14a_firmwarem2u81bm2u82am2u77az4a54am2u75am2u87bz4b13a_firmwarez4a74a_firmwarem2u75a_firmwarem2u77a_firmwarez4b18az4a61am2u76a_firmwarem2u82a_firmwarem2u84am2u76am2u84b_firmwarez4a71a_firmwarem2u86c_firmwarez4a61b_firmwarem2u92bz4b12az4b28a_firmwarem2u82b_firmwarem2u82bm2u94a_firmwarem2u87az4b18a_firmwarez4a54a_firmwarem2u91a_firmwarem2u87b_firmwarez4a61a_firmwarem2u86a_firmwarem2u94az4a73az4a69am2u88bm2u84bz4a61bm2u94bm2u85az4a60a_firmwarez4b27a_firmwarem2u89b_firmwarez4b13am2u86am2u85a_firmwarem2u88b_firmwareCertain HP ENVY, OfficeJet, and DeskJet printers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-37125
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.59%
||
7 Day CHG+0.02%
Published-26 Sep, 2024 | 17:01
Updated-25 Nov, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 28
  • 29
  • Next
Details not found