Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-31340

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-08 Jun, 2021 | 19:47
Updated At-03 Aug, 2024 | 22:55
Rejected At-
Credits

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:08 Jun, 2021 | 19:47
Updated At:03 Aug, 2024 | 22:55
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

Affected Products
Vendor
Siemens AGSiemens
Product
SIMATIC RF166C
Versions
Affected
  • All versions > V1.1 and < V1.3.2
Vendor
Siemens AGSiemens
Product
SIMATIC RF185C
Versions
Affected
  • All versions > V1.1 and < V1.3.2
Vendor
Siemens AGSiemens
Product
SIMATIC RF186C
Versions
Affected
  • All versions > V1.1 and < V1.3.2
Vendor
Siemens AGSiemens
Product
SIMATIC RF186CI
Versions
Affected
  • All versions > V1.1 and < V1.3.2
Vendor
Siemens AGSiemens
Product
SIMATIC RF188C
Versions
Affected
  • All versions > V1.1 and < V1.3.2
Vendor
Siemens AGSiemens
Product
SIMATIC RF188CI
Versions
Affected
  • All versions > V1.1 and < V1.3.2
Vendor
Siemens AGSiemens
Product
SIMATIC RF360R
Versions
Affected
  • All versions < V2.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF610R CMIIT
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF610R ETSI
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF610R FCC
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF615R CMIIT
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF615R ETSI
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF615R FCC
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF650R ARIB
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF650R CMIIT
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF650R ETSI
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF650R FCC
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF680R ARIB
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF680R CMIIT
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF680R ETSI
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF680R FCC
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF685R ARIB
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF685R CMIIT
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF685R ETSI
Versions
Affected
  • All versions > V3.0 < V4.0
Vendor
Siemens AGSiemens
Product
SIMATIC Reader RF685R FCC
Versions
Affected
  • All versions > V3.0 < V4.0
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400: Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400: Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:08 Jun, 2021 | 20:15
Updated At:06 Oct, 2022 | 17:28

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Siemens AG
siemens
>>simatic_rf166c>>-
cpe:2.3:h:siemens:simatic_rf166c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf166c_firmware>>Versions between 1.1(exclusive) and 1.3.2(exclusive)
cpe:2.3:o:siemens:simatic_rf166c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf185c>>-
cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf185c_firmware>>Versions between 1.1(exclusive) and 1.3.2(exclusive)
cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf186c>>-
cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf186c_firmware>>Versions between 1.1(exclusive) and 1.3.2(exclusive)
cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf186ci>>-
cpe:2.3:h:siemens:simatic_rf186ci:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf186ci_firmware>>Versions between 1.1(exclusive) and 1.3.2(exclusive)
cpe:2.3:o:siemens:simatic_rf186ci_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf188c>>-
cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf188c_firmware>>Versions between 1.1(exclusive) and 1.3.2(exclusive)
cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf188ci>>-
cpe:2.3:h:siemens:simatic_rf188ci:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf188ci_firmware>>Versions between 1.1(exclusive) and 1.3.2(exclusive)
cpe:2.3:o:siemens:simatic_rf188ci_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf360r>>-
cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf360r_firmware>>Versions before 2.0(exclusive)
cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf610r_cmiit>>-
cpe:2.3:h:siemens:simatic_reader_rf610r_cmiit:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf610r_cmiit_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf610r_cmiit_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf610r_etsi_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf610r_etsi_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf610r_etsi>>-
cpe:2.3:h:siemens:simatic_reader_rf610r_etsi:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf610r_fcc_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf610r_fcc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf610r_fcc>>-
cpe:2.3:h:siemens:simatic_reader_rf610r_fcc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf615r_cmiit_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf615r_cmiit_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf615r_cmiit>>-
cpe:2.3:h:siemens:simatic_reader_rf615r_cmiit:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf615r_etsi_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf615r_etsi_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf615r_etsi>>-
cpe:2.3:h:siemens:simatic_reader_rf615r_etsi:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf615r_fcc_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf615r_fcc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf615r_fcc>>-
cpe:2.3:h:siemens:simatic_reader_rf615r_fcc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf650r_cmiit_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf650r_cmiit_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf650r_cmiit>>-
cpe:2.3:h:siemens:simatic_reader_rf650r_cmiit:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf650r_etsi_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf650r_etsi_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf650r_etsi>>-
cpe:2.3:h:siemens:simatic_reader_rf650r_etsi:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf650r_fcc_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf650r_fcc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf650r_fcc>>-
cpe:2.3:h:siemens:simatic_reader_rf650r_fcc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf650r_arib_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf650r_arib_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf650r_arib>>-
cpe:2.3:h:siemens:simatic_reader_rf650r_arib:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf680r_cmiit_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf680r_cmiit_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf680r_cmiit>>-
cpe:2.3:h:siemens:simatic_reader_rf680r_cmiit:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf680r_etsi_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf680r_etsi_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf680r_etsi>>-
cpe:2.3:h:siemens:simatic_reader_rf680r_etsi:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf680r_fcc_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf680r_fcc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf680r_fcc>>-
cpe:2.3:h:siemens:simatic_reader_rf680r_fcc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf680r_arib_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf680r_arib_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf680r_arib>>-
cpe:2.3:h:siemens:simatic_reader_rf680r_arib:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf685r_cmiit_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf685r_cmiit_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf685r_cmiit>>-
cpe:2.3:h:siemens:simatic_reader_rf685r_cmiit:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf685r_etsi_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf685r_etsi_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf685r_etsi>>-
cpe:2.3:h:siemens:simatic_reader_rf685r_etsi:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf685r_fcc_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf685r_fcc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf685r_fcc>>-
cpe:2.3:h:siemens:simatic_reader_rf685r_fcc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf685r_arib_firmware>>Versions from 3.0(inclusive) to 4.0(exclusive)
cpe:2.3:o:siemens:simatic_reader_rf685r_arib_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_reader_rf685r_arib>>-
cpe:2.3:h:siemens:simatic_reader_rf685r_arib:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE-400Secondaryproductcert@siemens.com
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: productcert@siemens.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdfproductcert@siemens.com
Mitigation
Patch
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf
Source: productcert@siemens.com
Resource:
Mitigation
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1385Records found

CVE-2019-1967
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.57% / 84.97%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 21:45
Updated-19 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9140nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_7000_9-slotnexus_9364cnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qmds_9200nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9000nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_7700_18-slotnexus_5596upnexus_3524nexus_3548mds_9500nexus_7000_4-slotnexus_7700_6-slotnexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_7700_10-slotmds_9100nexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_7000_10-slotnexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tnexus_3264c-enexus_7700_2-slotnexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_7000_18-slotnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-23011
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.81%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 13:19
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_advanced_web_application_firewallbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-22904
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-6.40% / 90.65%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:49
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.

Action-Not Available
Vendor-n/aRuby on Rails
Product-railshttps://github.com/rails/rails
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-22985
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.88%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 17:48
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_security_managerBIG-IP APM
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-22101
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.98% / 75.84%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 14:18
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.

Action-Not Available
Vendor-n/aCloud Foundry
Product-capi-releasecf-deploymentCloud Foundry Cloud Controller
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.82%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22553
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.73%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 12:05
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap Memory exhaustion in Gerrit

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.

Action-Not Available
Vendor-Google LLC
Product-gerritGerrit
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-22965
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-11.33% / 93.28%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 18:10
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.

Action-Not Available
Vendor-n/aIvanti SoftwarePulse Secure
Product-pulse_connect_secureconnect_securePulse Connect Secure
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-22880
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-5.88% / 90.23%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 16:11
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Action-Not Available
Vendor-n/aFedora ProjectRuby on Rails
Product-fedorarailshttps://github.com/rails/rails
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-22955
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.42%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 13:12
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-gatewayapplication_delivery_controller_firmwareapplication_delivery_controllerCitrix ADC, Citrix Gateway
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21419
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 14:30
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

Action-Not Available
Vendor-eventleteventletFedora Project
Product-eventletfedoraeventlet
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21317
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.48% / 80.21%
||
7 Day CHG~0.00%
Published-16 Feb, 2021 | 17:45
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in uap-core

uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.

Action-Not Available
Vendor-uap-core_projectua-parser
Product-uap-coreuap-core
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2025-9670
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-29 Aug, 2025 | 19:02
Updated-29 Aug, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mixmark-io turndown commonmark-rules.js redos

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-mixmark-io
Product-turndown
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21565
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 65.95%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 23:45
Updated-16 Sep, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-834
Excessive Iteration
CVE-2022-34326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.06%
||
7 Day CHG~0.00%
Published-27 Sep, 2022 | 00:00
Updated-21 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195am_firmwarertl8195amn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21294
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.21%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 21:40
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unbounded connection acceptance in http4s-blaze-server

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. http4s provides a general "MaxActiveRequests" middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. In 0.21.17, 0.22.0-M2, and 1.0.0-M14, a new "maxConnections" property, with a default value of 1024, has been added to the `BlazeServerBuilder`. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended. The NIO2 backend does not respect `maxConnections`. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xhv5-w9c5-2r2w.

Action-Not Available
Vendor-typelevelhttp4s
Product-http4shttp4s
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-18898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 78.89%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 21:16
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxBest Practical Solutions, LLC
Product-ubuntu_linuxdebian_linuxrequest_trackerfedoran/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21267
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.22%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 20:25
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial-of-Service in npm schema-inspector

Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.

Action-Not Available
Vendor-schema-inspector_projectschema-inspectorNetApp, Inc.
Product-e-series_performance_analyzerschema-inspectoroncommand_insightschema-inspector
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21240
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-4.54% / 88.74%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 19:45
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service in httplib2

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.

Action-Not Available
Vendor-httplib2_projecthttplib2
Product-httplib2httplib2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-12254
Matching Score-4
Assigner-Python Software Foundation
ShareView Details
Matching Score-4
Assigner-Python Software Foundation
CVSS Score-8.7||HIGH
EPSS-0.24% / 47.46%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 15:19
Updated-04 Apr, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unbounded memory buffering in SelectorSocketTransport.writelines()

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.

Action-Not Available
Vendor-Python Software Foundation
Product-CPythoncpython
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-19162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:11
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

Action-Not Available
Vendor-diviprojectn/a
Product-divin/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21348
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.12%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 23:45
Updated-23 May, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Action-Not Available
Vendor-xstreamx-streamNetApp, Inc.Oracle CorporationFedora ProjectThe Apache Software FoundationDebian GNU/Linux
Product-xstreamcommunications_unified_inventory_managementcommunications_billing_and_revenue_management_elastic_charging_enginewebcenter_portaloncommand_insightmysql_serverbanking_virtual_account_managementjmetercommunications_policy_managementactivemqretail_xstore_point_of_servicedebian_linuxbanking_enterprise_default_managementfedorabanking_platformbusiness_activity_monitoringxstream
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-21728
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.48%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:23
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.

Action-Not Available
Vendor-n/aZTE Corporation
Product-zxa10_c300mzxa10_c300m_firmwareZXA10 C300M
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-10599
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.94% / 75.30%
||
7 Day CHG+0.14%
Published-31 Oct, 2024 | 21:31
Updated-04 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tongda OA 2017 package_static_resources.php resource consumption

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tongda2000Tongdatongda
Product-office_anywhereOA 2017oa_2017
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-19160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:09
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

Action-Not Available
Vendor-bit.diamondsn/a
Product-diamondn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-18853
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-31 Oct, 2018 | 05:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.

Action-Not Available
Vendor-lightbendn/a
Product-spray-jsonn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-10466
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.05%
||
7 Day CHG+0.12%
Published-29 Oct, 2024 | 12:19
Updated-22 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxFirefox ESRThunderbirdfirefox_esrthunderbirdfirefox
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.70%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 21:22
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

Action-Not Available
Vendor-colossusxtn/a
Product-colossuscoinxtn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:06
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

Action-Not Available
Vendor-navcoinn/a
Product-navcoinn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-1014
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 22.49%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 13:44
Updated-03 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3

Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets.

Action-Not Available
Vendor-se-elektronicSE-elektronic GmbH
Product-e-ddc3.3_firmwaree-ddc3.3E-DDC3.3
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-17189
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-4.86% / 89.14%
||
7 Day CHG~0.00%
Published-30 Jan, 2019 | 22:00
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationRed Hat, Inc.NetApp, Inc.Fedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serversun_zfs_storage_appliance_kitubuntu_linuxdebian_linuxinstantis_enterprisetrackfedoraretail_xstore_point_of_serviceenterprise_linuxstorage_automation_storehospitality_guest_accesssantricity_cloud_connectorenterprise_manager_ops_centerjboss_core_servicesApache HTTP Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21252
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 61.12%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 00:00
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression denial of service in jquery-validation

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.

Action-Not Available
Vendor-jqueryvalidationjquery-validationNetApp, Inc.
Product-jquery_validationsnapcenterjquery-validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2009-3791
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.69%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-23 Apr, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_media_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-29 Oct, 2019 | 19:51
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

Action-Not Available
Vendor-qtumn/a
Product-qtumn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2009-3270
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-41.51% / 97.32%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2009-3267
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.76% / 94.02%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19161
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:10
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

Action-Not Available
Vendor-alqon/a
Product-alqon/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:05
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

Action-Not Available
Vendor-particln/a
Product-particln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21328
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.44% / 62.35%
||
7 Day CHG~0.00%
Published-26 Feb, 2021 | 01:45
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service

Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters.

Action-Not Available
Vendor-vapor_projectvapor
Product-vaporvapor
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-4411
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.25%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 16:24
Updated-06 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

Action-Not Available
Vendor-n/aMongoDB, Inc.Fedora Project
Product-bsonfedoran/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21293
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.36%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 21:35
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unbounded connection acceptance leads to file handle exhaustion

blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. The vast majority of affected users are using it as part of http4s-blaze-server <= 0.21.16. http4s provides a mechanism for limiting open connections, but is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. The issue is fixed in version 0.14.15 for "NIO1SocketServerGroup". A "maxConnections" parameter is added, with a default value of 512. Concurrent connections beyond this limit are rejected. To run unbounded, which is not recommended, set a negative number. The "NIO2SocketServerGroup" has no such setting and is now deprecated. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xmw9-q7x9-j5qc.

Action-Not Available
Vendor-typelevelhttp4s
Product-blazeblaze
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-11388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.37%
||
7 Day CHG~0.00%
Published-21 Apr, 2019 | 01:15
Updated-28 Aug, 2024 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity

Action-Not Available
Vendor-modsecurityn/a
Product-owasp_modsecurity_core_rule_setn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:07
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

Action-Not Available
Vendor-pivxn/a
Product-pivxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21306
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 68.56%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 21:20
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Marked

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed in version 2.0.0.

Action-Not Available
Vendor-marked_projectmarkedjs
Product-markedmarked
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.62%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 12:13
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface.

Action-Not Available
Vendor-virginmedian/a
Product-hub_3.0hub_3.0_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-11389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.37%
||
7 Day CHG~0.00%
Published-21 Apr, 2019 | 01:15
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity

Action-Not Available
Vendor-modsecurityn/a
Product-owasp_modsecurity_core_rule_setn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-3407
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.72%
||
7 Day CHG~0.00%
Published-28 Nov, 2014 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-19157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 20:08
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

Action-Not Available
Vendor-phoren/a
Product-phoren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-18854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-31 Oct, 2018 | 05:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).

Action-Not Available
Vendor-lightbendn/a
Product-spray-jsonn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-11390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.37%
||
7 Day CHG~0.00%
Published-21 Apr, 2019 | 01:16
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity

Action-Not Available
Vendor-modsecurityn/a
Product-owasp_modsecurity_core_rule_setn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 27
  • 28
  • Next
Details not found