Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-29932

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Apr, 2021 | 04:24
Updated At-03 Aug, 2024 | 22:18
Rejected At-
Credits

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Apr, 2021 | 04:24
Updated At:03 Aug, 2024 | 22:18
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://rustsec.org/advisories/RUSTSEC-2021-0041.html
x_refsource_MISC
Hyperlink: https://rustsec.org/advisories/RUSTSEC-2021-0041.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://rustsec.org/advisories/RUSTSEC-2021-0041.html
x_refsource_MISC
x_transferred
Hyperlink: https://rustsec.org/advisories/RUSTSEC-2021-0041.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Apr, 2021 | 05:15
Updated At:12 Jul, 2022 | 17:42

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

parse_duration_project
parse_duration_project
>>parse_duration>>Versions up to 2021-03-18(inclusive)
cpe:2.3:a:parse_duration_project:parse_duration:*:*:*:*:*:rust:*:*
Weaknesses
CWE IDTypeSource
CWE-770Primarynvd@nist.gov
CWE ID: CWE-770
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://rustsec.org/advisories/RUSTSEC-2021-0041.htmlcve@mitre.org
Vendor Advisory
Hyperlink: https://rustsec.org/advisories/RUSTSEC-2021-0041.html
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

835Records found

CVE-2023-22323
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.20%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:53
Updated-26 Mar, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SSL OCSP Authentication profile vulnerability

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-21144
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-9563
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.60%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 07:33
Updated-02 Jul, 2026 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-Eclipse Parsson
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-25648
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.85% / 88.88%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Action-Not Available
Vendor-n/aOracle CorporationRed Hat, Inc.Fedora ProjectMozilla Corporation
Product-communications_pricing_design_centercommunications_offline_mediation_controllernetwork_security_servicesfedoraenterprise_linuxjd_edwards_enterpriseone_toolsnss
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-8966
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.27%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:11
Updated-15 Oct, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in gradio-app/gradio

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

Action-Not Available
Vendor-gradiogradio-app
Product-videogradio-app/gradio
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20108
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.37%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_manager_im_and_presence_serviceCisco Unified Communications Manager IM and Presence Service
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20155
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.67% / 47.45%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 16:48
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-41132
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.77% / 51.28%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 14:28
Updated-11 Sep, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.

Action-Not Available
Vendor-sixlaborsSixLaborssixlabors
Product-imagesharpImageSharpimagesharp
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-29487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 69.76%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 17:30
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable.

Action-Not Available
Vendor-n/aXen Project
Product-xapin/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41727
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.48% / 38.03%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:32
Updated-20 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TMM vulnerability

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_automation_toolchainbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerr2000big-ip_edge_gatewaybig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_link_controllerr4000big-ip_application_visibility_and_reportingbig-ip_container_ingress_servicesbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-4140
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.53%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 19:59
Updated-26 Aug, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.

Action-Not Available
Vendor-rjbsrjbsrjbsFedora Project
Product-email-mimefedoraEmail-MIMEemail_mime
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41742
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.46%
||
7 Day CHG~0.00%
Published-19 Jan, 2025 | 15:03
Updated-16 Jul, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelTXSeries for Multiplatforms
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41743
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.63%
||
7 Day CHG~0.00%
Published-19 Jan, 2025 | 15:02
Updated-16 Jul, 2025 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelTXSeries for Multiplatforms
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-11468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.19% / 86.55%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.

Action-Not Available
Vendor-n/aDocker, Inc.Red Hat, Inc.
Product-docker_registryenterprise_linux_servern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-0121
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.64%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-0383
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 53.76%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 08:00
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consuption in M-Files Server

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_serverM-Files Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-50695
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.74% / 50.14%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-18 Feb, 2026 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts.

Action-Not Available
Vendor-sound4SOUND4 Ltd.Kantar Media
Product-pulsebig_voice4_firmwarefirstpulse_firmwarewm2pulse_eco_firmwareimpact_ecoimpact_eco_firmwarebig_voice4stream_extensionwm2_firmwarefirst_firmwareimpactbig_voice2impact_firmwarepulse_ecobig_voice2_firmwareImpact/Pulse/FirstImpact/Pulse EcoBigVoice4BigVoice2StreamWM2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-12934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.25% / 86.82%
||
7 Day CHG~0.00%
Published-28 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-50799
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.36% / 27.80%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-02 Jan, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application.

Action-Not Available
Vendor-Fetch Softworks
Product-Fetch Softworks Fetch FTP Client
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-39944
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.53%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 03:13
Updated-30 Sep, 2025 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Action-Not Available
Vendor-Dahua Technology Co., Ltd
Product-nvr4432-16p-4ks2\/i_firmwarenvr4208-8p-4ks3nvr4208-8p-4ks2\/l_firmwarenvr4232-4ks2\/l_firmwarenvr4108-4ks3nvr4108-4ks2\/lnvr4204-p-4ks2\/l_firmwarenvr4108hs-4ks3_firmwarenvr4232-4ks3nvr4232-16p-4ks3_firmwarenvr4232-16p-4ks3nvr4104-4ks3_firmwarenvr4816-16p-4ks2\/i_firmwarenvr4108-4ks2\/l_firmwarenvr4108-8p-4ks2\/l_firmwarenvr4104hs-p-4ks3nvr4216-4ks2\/lnvr4116hs-8p-4ks3_firmwarenvr4416-4ks2\/invr4816-16p-4ks2\/invr4104hs-4ks2\/l_firmwarenvr4108-8p-4ks3_firmwarenvr4204-p-4ks2\/lnvr4104hs-p-4ks3\(960g\)nvr4416-4ks2\/i_firmwarenvr4104-4ks3nvr4832-4ks2\/i_firmwarenvr4104-p-4ks3nvr4232-16p-4ks2\/lnvr4108-p-4ks3ipc-hfs8449g-z7-lednvr4108-4ks3_firmwarenvr4108hs-4ks2\/lnvr4204-4ks3_firmwarenvr4204-4ks2\/lnvr4108hs-4ks2\/l_firmwarenvr4232-16p-4ks2\/l_firmwarenvr4108hs-8p-4ks3_firmwarenvr4832-16p-4ks2\/i_firmwarenvr4216-16p-4ks3_firmwarenvr4116hs-8p-4ks2\/lnvr4108hs-p-4ks2\/lnvr4104-p-4ks2\/lnvr4104hs-p-4ks3_firmwarenvr4104-p-4ks3_firmwarenvr4432-4ks2\/invr4208-4ks3nvr4208-4ks2\/l_firmwarenvr4208-8p-4ks3_firmwarenvr4104-4ks2\/l_firmwarenvr4204-p-4ks3_firmwarenvr4204-p-4ks3nvr4108hs-8p-4ks2\/lnvr4116-4ks3nvr4104hs-4ks2\/lnvr4108hs-4ks3\(960g\)nvr4104-p-4ks3\(960g\)nvr4216-4ks3nvr4104hs-4ks3\(960g\)_firmwarenvr4432-16p-4ks2\/invr4216-4ks3_firmwarenvr4232-4ks2\/lnvr4816-4ks2\/i_firmwarenvr4108hs-p-4ks3nvr4208-4ks2\/lnvr4116hs-4ks3ipc-hfs8849g-z3-led_firmwarenvr4816-4ks2\/invr4108-8p-4ks3nvr4108-p-4ks2\/l_firmwarenvr4216-16p-4ks2\/lnvr4416-16p-4ks2\/i_firmwarenvr4108hs-4ks3nvr4116-4ks2\/l_firmwarenvr4204-4ks2\/l_firmwarenvr4104hs-4ks3nvr4116hs-8p-4ks3nvr4104hs-p-4ks3\(960g\)_firmwarenvr4108hs-4ks3\(960g\)_firmwarenvr4108-p-4ks2\/lnvr4104-4ks2\/lnvr4116-8p-4ks3_firmwarenvr4208-8p-4ks2\/lnvr4116hs-4ks2\/lnvr4216-16p-4ks3nvr4116-8p-4ks3nvr4432-4ks2\/i_firmwarenvr4208-4ks3_firmwarenvr4832-16p-4ks2\/invr4108hs-8p-4ks3nvr4108hs-p-4ks2\/l_firmwarenvr4104-p-4ks3\(960g\)_firmwarenvr4104hs-4ks3\(960g\)nvr4104hs-p-4ks2\/lipc-hfs8449g-z7-led_firmwarenvr4216-4ks2\/l_firmwarenvr4116-4ks2\/lnvr4116-8p-4ks2\/lnvr4108-8p-4ks2\/lnvr4116hs-8p-4ks2\/l_firmwarenvr4216-16p-4ks2\/l_firmwarenvr4232-4ks3_firmwarenvr4116hs-4ks3_firmwarenvr4104-p-4ks2\/l_firmwareipc-hfs8849g-z3-lednvr4108hs-8p-4ks2\/l_firmwarenvr4116-4ks3_firmwarenvr4116hs-4ks2\/l_firmwarenvr4108hs-p-4ks3_firmwarenvr4832-4ks2\/invr4116-8p-4ks2\/l_firmwarenvr4104hs-p-4ks2\/l_firmwarenvr4416-16p-4ks2\/invr4104hs-4ks3_firmwarenvr4204-4ks3nvr4108-p-4ks3_firmwareIPC-HX8XXX and NVR4XXXipc-hfw8xxxnvr4832-iipc-hf8xxx_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-28400
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-1.86% / 76.62%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-14 Apr, 2026 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_x201-3p_irtscalance_xr324-4m_eecruggedcom_rm1224_firmwarescalance_x206-1scalance_x320-1fe_firmwareek-ertec_200_evaulation_kit_firmwarescalance_xp-200scalance_xr324-4m_eec_firmwarescalance_xf-200bascalance_x208simatic_mv500softnet-ie_pnioscalance_x204-2_scalance_x206-1_firmwarescalance_s615_firmwarescalance_x204_irtscalance_m-800_firmwarescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xc-200_firmwarescalance_xf204-2ba_irtscalance_xr324-12m_tssimatic_profinet_driver_firmwarescalance_xf208_firmwarescalance_xr-300wg_firmwarescalance_x306-1ldfescalance_x202-2p_irt_proscalance_x304-2fescalance_x204-2fm_firmwarescalance_x204-2tssimatic_mv500_firmwarescalance_xr324-4m_poe_ts_firmwarescalance_xf204scalance_x200-4_p_irtscalance_x308-2lh\+scalance_xm400scalance_x307-3_firmwarescalance_xf204_irtscalance_xf-200ba_firmwarescalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_x310fe_firmwarescalance_xf204-2ba_irt_firmwarescalance_x308-2ldscalance_w700simocode_prov_ethernet\/ipsimatic_net_cp1604_firmwarescalance_x308-2scalance_xr324-12m_ts_firmwareruggedcom_rm1224scalance_x204-2ld_tsscalance_s615scalance_x224simatic_net_cm_1542-1scalance_x302-7eec_firmwarescalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x200-4_p_irt_firmwarescalance_x308-2m_tsscalance_xr324-4m_poeek-ertec_200p_evaluation_kitsimocode_prov_profinetscalance_w700_firmwarescalance_x307-3ldscalance_x204_irt_pro_firmwareek-ertec_200_evaulation_kitscalance_w1700_firmwarescalance_xf201-3p_irt_firmwarescalance_xb-200_firmwaresimatic_net_cp1616_firmwarescalance_xc-200scalance_xr324-4m_poe_tssimatic_net_cp1616scalance_m-800scalance_x201-3p_irt_pro_firmwaresimatic_cfu_pa_firmwarescalance_x208pro_firmwarescalance_xr324-12mscalance_x212-2ldsimatic_s7-1200scalance_x310fesimatic_cfu_pasimocode_prov_profinet_firmwarescalance_xr-300wgscalance_x201-3p_irt_prosimatic_power_line_booster_plbscalance_x308-2_firmwarescalance_x204-2fmscalance_xm400_firmwaresimatic_power_line_booster_plb_firmwaresimocode_prov_ethernet\/ip_firmwarescalance_x306-1ldfe_firmwarescalance_x320-3ldfe_firmwarescalance_x307-3ld_firmwarescalance_x308-2lhscalance_x310simatic_net_cm_1542-1_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2m_poescalance_x202-2_irtscalance_xf204_firmwarescalance_x308-2m_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf204-2_firmwarescalance_xf202-2p_irtscalance_x308-2mscalance_xr500_firmwarescalance_x202-2_irt_firmwarescalance_x206-1ldscalance_w1700scalance_xf204_irt_firmwarescalance_x308-2m_ts_firmwarescalance_xf201-3p_irtscalance_x204-2ldscalance_xf208simatic_net_dk-16xx_pn_ioscalance_xr324-4m_poe_firmwarescalance_x204-2ld_ts_firmwarescalance_x307-2eecscalance_x304-2fe_firmwaredk_standard_ethernet_controller_evaluation_kitsimatic_profinet_driverdk_standard_ethernet_controller_evaluation_kit_firmwarescalance_x307-2eec_firmwarescalance_x308-2lh_firmwarescalance_x320-3ldfeek-ertec_200p_evaluation_kit_firmwarescalance_x204-2_firmwarescalance_xf206-1scalance_xr324-12m_firmwaresimatic_s7-1200_firmwarescalance_x310_firmwarescalance_x206-1ld_firmwarescalance_xp-200_firmwarescalance_x212-2simatic_net_cp1626_firmwarescalance_x204-2ts_firmwarescalance_x208proscalance_x320-1fescalance_x216_firmwarescalance_xb-200scalance_xf202-2p_irt_firmwaresoftnet-ie_pnio_firmwarescalance_x208_firmwarescalance_xr500simatic_ie\/pb-link_v3simatic_ie\/pb-link_v3_firmwarescalance_x307-3simatic_net_cp1626scalance_x216simatic_net_cp1604scalance_xf204-2_scalance_x224_firmwarescalance_x302-7eecSCALANCE X302-7 EEC (230V)SCALANCE W1748-1 M12SCALANCE MUM853-1 (A1)SCALANCE X310FESCALANCE W734-1 RJ45 (USA)SIMATIC MV540 SSCALANCE XR524-8C, 24VSCALANCE XR324-12M TS (24V)SIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1215C DC/DC/RlySCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XC206-2G PoE (54 V DC)SCALANCE XR324-4M EEC (24V, ports on front)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE X208PROSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XR552-12M (2HR2, L3 int.)SIMATIC S7-1200 CPU 1211C DC/DC/DCSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE X302-7 EEC (2x 230V, coated)SIMATIC CM 1542-1SCALANCE XP216SCALANCE XR324-4M EEC (2x 24V, ports on front)SIMATIC MV550 SSCALANCE XP216POE EECSCALANCE X306-1LD FESCALANCE X307-2 EEC (24V)SCALANCE X201-3P IRTSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE X202-2P IRT PROSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE XC224SCALANCE XM408-4C (L3 int.)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XC208G PoE (54 V DC)SCALANCE W786-2IA RJ45SCALANCE X307-2 EEC (2x 230V)SCALANCE X308-2M PoESCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE X200-4P IRTSIMATIC IE/PB-LINKSIMATIC S7-1200 CPU 1212C DC/DC/RlySCALANCE XB208 (E/IP)SIPLUS S7-1200 CPU 1214 AC/DC/RLYSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE MUM853-1 (EU)SCALANCE X212-2SIPLUS S7-1200 CPU 1215FC DC/DC/DCSCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE X308-2LDSCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE XR526-8C, 2x230VSIMATIC PROFINET DriverSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR526-8C, 1x230VSCALANCE MUM856-1 (A1)SCALANCE XR524-8C, 24V (L3 int.)SCALANCE X408-2SCALANCE M874-3SCALANCE XM408-8CSCALANCE X302-7 EEC (24V, coated)SCALANCE M876-4 (NAM)SCALANCE X202-2IRTSCALANCE X212-2LDSIMATIC S7-1200 CPU 1214C DC/DC/RlySCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE X206-1LDSCALANCE XC216-3G PoESCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE X206-1SCALANCE XC216-4C G EECSCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XF204-2SCALANCE MUM856-1 (EU)SCALANCE X308-2MSCALANCE XC206-2SFP G EECSCALANCE W734-1 RJ45SCALANCE W748-1 M12SIMATIC S7-1200 CPU 1215C DC/DC/DCSCALANCE XF204-2BA DNASCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR526-8C, 2x230V (L3 int.)SIMATIC S7-1200 CPU 1214C DC/DC/DCSCALANCE X320-1 FESCALANCE X307-2 EEC (230V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SIPLUS S7-1200 CPU 1214C AC/DC/RLYSCALANCE XF202-2P IRTSCALANCE XR528-6MSIMATIC Power Line Booster PLB, Base ModuleSIPLUS SIMOCODE pro V basic unit 2SIMATIC S7-1200 CPU 1211C AC/DC/RlySCALANCE W788-1 RJ45SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XP208 (Ethernet/IP)SCALANCE XB205-3 (ST, PN)SIMATIC S7-1200 CPU 1212C AC/DC/RlySCALANCE XB216 (E/IP)SIMOCODE pro V EIP 24V DCSCALANCE X302-7 EEC (230V, coated)SCALANCE XC208G PoESCALANCE XR524-8C, 2x230V (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC CFU PASCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ControllerSIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SIPLUS NET SCALANCE X308-2SIMATIC S7-1200 CPU 1212FC DC/DC/RlySCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE X304-2FESIMATIC CFU DIQSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE X224SCALANCE X308-2SCALANCE X204IRTSCALANCE X204-2LD TSSCALANCE X204-2FMSCALANCE M876-4 (EU)SCALANCE XC224-4C G (EIP Def.)SCALANCE XC206-2SFP GSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE X302-7 EEC (2x 24V)SCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE MUM856-1 (B1)SCALANCE X307-3SCALANCE XC216-4CSCALANCE XF201-3P IRTSIMOCODE pro V PN 110-240V AC/DCSIPLUS S7-1200 CPU 1212C AC/DC/RLYSCALANCE XF206-1SCALANCE XR324-12M (230V, ports on rear)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SOFTNET-IE PNIOSCALANCE X201-3P IRT PROSCALANCE X308-2LHSCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE M826-2 SHDSL-RouterSIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSCALANCE W1788-2 M12SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X202-2P IRTSCALANCE W774-1 M12 EECSIMATIC S7-1200 CPU 1211C DC/DC/RlySIPLUS S7-1200 CPU 1215C DC/DC/DCSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SIMATIC S7-1200 CPU 1214C AC/DC/RlySIMATIC S7-1200 CPU 1212FC DC/DC/DCSCALANCE W778-1 M12 EECSCALANCE XR324-12M (230V, ports on front)SIMATIC S7-1200 CPU 1217C DC/DC/DCSCALANCE XR324-4M PoE (24V, ports on front)SIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC CP 1604SIMATIC MV540 HSCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE X307-2 EEC (2x 24V)SCALANCE XC208GSCALANCE XB213-3 (SC, PN)SIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC MV550 HSCALANCE XF208SCALANCE MUM853-1 (B1)SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XF204IRTSIMOCODE pro V EIP 110-240V AC/DCSCALANCE W778-1 M12 EEC (USA)SIPLUS S7-1200 CPU 1215 DC/DC/RLYSCALANCE X320-1-2LD FESCALANCE XC208SIMATIC S7-1200 CPU 1214FC DC/DC/RlySCALANCE XR552-12MSIMATIC CP 1626SCALANCE M876-3 (ROK)SIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1212C DC/DC/DCSCALANCE X216SCALANCE XR526-8C, 1x230V (L3 int.)Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200SCALANCE XR324-12M (24V, ports on front)SCALANCE X204-2LDSCALANCE X204-2TSSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE MUM856-1 (CN)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSIMATIC S7-1200 CPU 1215C AC/DC/RlySCALANCE M874-3 3G-Router (CN)SCALANCE S615 EEC LAN-RouterSCALANCE W786-2 SFPSCALANCE X302-7 EEC (2x 24V, coated)SIMATIC S7-1200 CPU 1215FC DC/DC/RlySCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SIMATIC MV560 XSCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE X308-2LH+SCALANCE XM416-4CSCALANCE X204IRT PROSIMATIC MV560 USCALANCE XR524-8C, 2x230VSIMATIC S7-1200 CPU V4 family (incl. SIPLUS variants)SCALANCE X204-2SCALANCE XB205-3LD (SC, E/IP)SIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1200 CPU 1214 DC/DC/RLYSCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE XR324-12M (24V, ports on rear)SIPLUS S7-1200 CPU 1214C DC/DC/DCSCALANCE XF204-2BA IRTSCALANCE M874-2SIMATIC S7-1200 CPU 1215FC DC/DC/DCSCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE X302-7 EEC (2x 230V)SCALANCE XP208EECSCALANCE XF204 DNASCALANCE X307-3LDSCALANCE X310SCALANCE XR324-4M PoE (230V, ports on front)SIPLUS S7-1200 CPU 1215 DC/DC/DCSCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE X208SCALANCE W786-2 RJ45RUGGEDCOM RM1224 LTE(4G) EUSIPLUS S7-1200 CPU 1212 AC/DC/RLYSCALANCE X302-7 EEC (24V)SCALANCE X308-2M TSSCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSCALANCE M804PBSCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE M876-4SCALANCE XC206-2SFPSIMATIC CP 1616Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200PSCALANCE W788-2 M12 EECSCALANCE X307-2 EEC (24V, coated)SCALANCE MUM856-1 (RoW)SIMATIC NET DK-16xx PN IOSIPLUS NET SCALANCE XC206-2SFPSCALANCE X307-2 EEC (230V)SIMOCODE pro V PN 24V DCdevelopment_evaluation_kits_for_profinet_io_ek_ertec_200pscalance_m816-1_adsl-router_annex_bscalence_x204_2tsscalence_m874_3scalance_m826-2_shdsl-routerscalance_m812-1_adsl-router_annex_bscalance_m816_1_adsl_router_annex_adevelopment_evaluation_kits_for_profinet_io_ek_ertec_200scalence_m874_2scalance_x200_4p_irtscalance_w1788_2ia_m12scalance_x201_3p_irt_proscalence_x204_2ldscalance_w1748_1_m12scalancce_x204_2scalance_m876_3_rokscalence_202_2p_irt_proscalance_w1788_2_eec_m12scalence_x204_2ld_tsscalance_w700_ieee_802.11n_familyscalance_m804pbscalance_s615scalance_x201_3p_irtscalance_w1788_2_m12scalance_m876_4_namscalance_m876_4_eudevelopment_evaluation_kits_for_profinet_io_dk_standard_ethernet_controllerscalance_m812-1_adsl-router_annex_ascalance_w1788_1_m12scalence_x204_2fmruggedcom_rm1224scalance_m876_3_evdoscalancce_x202_2p_irt
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-48498
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-12 Dec, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-10790
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.65%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 13:54
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38535
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.67%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 14:50
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata http2: oom from duplicate headers

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

Action-Not Available
Vendor-oisfOISFoisf
Product-suricatasuricatasuricata
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38534
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.36%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 14:47
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata modbus: txs without responses are never freed

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.

Action-Not Available
Vendor-oisfOISFoisf
Product-suricatasuricatasuricata
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38528
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.34%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 19:28
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited number of NTS-KE connections can crash ntpd-rs server

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. This vulnerability has been patched in version 1.1.3.

Action-Not Available
Vendor-pendulum-projecttweedegolf
Product-ntpd-rsntpd-rs
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-47562
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.11%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 07:56
Updated-24 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in Ormazabal products

Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.

Action-Not Available
Vendor-ormazabalOrmazabalormazabal
Product-ekorccpekorccp_firmwareekorrciekorrci_firmwareekorRCIekorCCPekorrciekorccp
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-26249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 48.95%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 00:00
Updated-14 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.

Action-Not Available
Vendor-nicn/a
Product-knot_resolvern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38286
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.6||HIGH
EPSS-1.70% / 74.44%
||
7 Day CHG~0.00%
Published-07 Nov, 2024 | 07:37
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Denial of Service

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software Foundation
Product-tomcatontap_toolsApache Tomcattomcat
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-45471
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-3.5||LOW
EPSS-0.52% / 40.23%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 14:04
Updated-28 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-37302
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.11%
||
7 Day CHG+0.01%
Published-03 Dec, 2024 | 17:04
Updated-26 Aug, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Synapse denial of service through media disk space consumption

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached.

Action-Not Available
Vendor-element-hqelement-hqThe Matrix.org Foundation
Product-synapsesynapsesynapse
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-27978
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.83% / 76.31%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 14:43
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session.

Action-Not Available
Vendor-shibbolethn/a
Product-identity_providern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-28491
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-3.07% / 86.06%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:50
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS)

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

Action-Not Available
Vendor-quarkusn/aOracle CorporationFasterXML, LLC.
Product-jackson-dataformats-binaryweblogic_serverquarkuscom.fasterxml.jackson.dataformat:jackson-dataformat-cbor
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-37358
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.6||HIGH
EPSS-0.80% / 52.21%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 11:22
Updated-29 Sep, 2025 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache James: denial of service through the use of IMAP literals

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.

Action-Not Available
Vendor-The Apache Software Foundation
Product-james_serverApache James server
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-37298
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.80%
||
7 Day CHG+0.01%
Published-01 Jul, 2024 | 18:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential memory exhaustion attack due to sparse slice deserialization

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.

Action-Not Available
Vendor-gorillagorillatoolkit
Product-schemaschema
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-3760
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.15%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:26
Updated-18 Nov, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Email Bombing Vulnerability in lunary-ai/lunary

In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only overwhelms the victim's mailbox, making it difficult to manage and locate legitimate emails, but also significantly impacts mail servers by consuming their resources. The increased load can cause performance degradation and, in severe cases, make the mail servers unresponsive or unavailable, disrupting email services for the entire organization.

Action-Not Available
Vendor-Lunary LLC
Product-lunarylunary-ai/lunarylunary-ai\/lunary
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-25156
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.37%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-10 Mar, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kiwi TCMS has no protection against brute-force attacks on login page

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS.

Action-Not Available
Vendor-kiwitcmskiwitcms
Product-kiwi_tcmskiwi
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-27173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.41%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 03:58
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.

Action-Not Available
Vendor-vm-superio_projectn/a
Product-vm-superion/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-24998
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-46.84% / 98.68%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 15:57
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxcommons_fileuploadApache TomcatApache Commons FileUpload
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-36378
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-5.9||MEDIUM
EPSS-0.38% / 30.15%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:29
Updated-27 Jan, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-36462
Matching Score-4
Assigner-Zabbix
ShareView Details
Matching Score-4
Assigner-Zabbix
CVSS Score-7.5||HIGH
EPSS-0.91% / 55.70%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 09:40
Updated-10 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of resources without limits or throttling (uncontrolled resource consumption)

Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system.

Action-Not Available
Vendor-ZABBIX
Product-zabbixZabbixzabbix
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-43768
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.95% / 57.05%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 09:02
Updated-07 Feb, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Action-Not Available
Vendor-Siemens AG
Product-siplus_s7-1200_cp_1243-1_railsimatic_ipc_diagbase_firmwaresiplus_tim_1531_ircsimatic_cp_1243-8_irc_firmwaresimatic_cp_1542sp-1_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_cp_1243-1_dnp3simatic_cp_1243-1_iec_firmwaresimatic_cp_1243-1_firmwaresimatic_cp_1243-7_lte_eu_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresiplus_net_cp_443-1_advancedsiplus_net_cp_1242-7_v2_firmwaresimatic_cp_1242-7_v2siplus_net_cp_443-1_advanced_firmwaretim_1531_irctim_1531_irc_firmwaresimatic_cp_443-1siplus_s7-1200_cp_1243-1_rail_firmwaresimatic_cp_1242-7_v2_firmwaresimatic_cp_1243-8_ircsiplus_s7-1200_cp_1243-1_firmwaresimatic_ipc_diagmonitorsiplus_net_cp_1242-7_v2simatic_cp_1543sp-1simatic_cp_443-1_advanced_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_cp_443-1_firmwaresiplus_tim_1531_irc_firmwaresimatic_cp_1243-7_lte_eusiplus_s7-1200_cp_1243-1simatic_cp_1542sp-1_ircsimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isecsimatic_cp_1243-1_dnp3_firmwaresimatic_cp_1542sp-1_irc_firmwaresimatic_cp_1543sp-1_firmwaresimatic_cp_1542sp-1siplus_net_cp_443-1siplus_et_200sp_cp_1543sp-1_isec_tx_railsiplus_et_200sp_cp_1543sp-1_isec_firmwaresimatic_cp_1243-1_iecsimatic_ipc_diagmonitor_firmwaresiplus_net_cp_443-1_firmwaresimatic_cp_1243-7_lte_us_firmwaresimatic_ipc_diagbasesimatic_cp_443-1_advancedsimatic_cp_1243-7_lte_usSIMATIC CP 1243-7 LTE USSIPLUS NET CP 1242-7 V2SIPLUS TIM 1531 IRCSIMATIC CP 443-1 AdvancedSIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSIMATIC CP 1243-7 LTE EUSIMATIC CP 1542SP-1 IRCSIPLUS S7-1200 CP 1243-1TIM 1531 IRCSIPLUS NET CP 443-1SIMATIC CP 1242-7 V2SIMATIC CP 1542SP-1SIPLUS ET 200SP CP 1542SP-1 IRC TX RAILSIMATIC CP 1243-8 IRCSIPLUS ET 200SP CP 1543SP-1 ISECSIMATIC CP 1243-1SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)SIMATIC CP 1543SP-1SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)SIPLUS S7-1200 CP 1243-1 RAILSIMATIC CP 443-1SIPLUS NET CP 443-1 Advanced
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2016-9578
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.49% / 82.71%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 21:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

Action-Not Available
Vendor-spice_projectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationspiceenterprise_linux_desktopspice
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-20
Improper Input Validation
CVE-2019-10079
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.56% / 90.45%
||
7 Day CHG~0.00%
Published-22 Oct, 2019 | 15:42
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-traffic_serverApache Traffic Server
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-35116
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.70% / 48.77%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 18:20
Updated-21 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-9064
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.62%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 09:00
Updated-30 Jun, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)

A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-directory_server389_directory_serverenterprise_linuxRed Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Directory Server 11.9 for RHEL 8Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Directory Server 12Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Directory Server 13.2Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Directory Server 13Red Hat Directory Server 11.7 E4S for RHEL 8Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Directory Server 12.4 E4S for RHEL 9Red Hat Enterprise Linux 8Red Hat Directory Server 12.2 E4S for RHEL 9Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Directory Server 11.9 for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Directory Server 12Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Directory Server 13.2Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Directory Server 13Red Hat Directory Server 11.7 E4S for RHEL 8Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Directory Server 12.4 E4S for RHEL 9Red Hat Directory Server 12.2 E4S for RHEL 9Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-22785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.81%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 20:22
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.

Action-Not Available
Vendor-etherpadn/a
Product-etherpadn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-35202
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.28%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 00:00
Updated-22 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-bitcoin_coren/abitcoin
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-34703
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.15%
||
7 Day CHG-0.00%
Published-30 Jun, 2024 | 20:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.

Action-Not Available
Vendor-randombitrandombit
Product-botanbotan
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-13306
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-3.7||LOW
EPSS-1.83% / 76.24%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 21:28
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found