Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-1100

Summary
Assigner-GitLab
Assigner Org ID-ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At-04 Apr, 2022 | 19:46
Updated At-02 Aug, 2024 | 23:55
Rejected At-
Credits

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitLab
Assigner Org ID:ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At:04 Apr, 2022 | 19:46
Updated At:02 Aug, 2024 | 23:55
Rejected At:
▼CVE Numbering Authority (CNA)

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

Affected Products
Vendor
GitLab Inc.GitLab
Product
GitLab
Versions
Affected
  • >=13.1, <14.7.7
  • >=14.8, <14.8.5
  • >=14.9, <14.9.2
Problem Types
TypeCWE IDDescription
textN/AImproper input validation in GitLab
Type: text
CWE ID: N/A
Description: Improper input validation in GitLab
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
This vulnerability has been discovered internally by the GitLab team
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/gitlab-org/gitlab/-/issues/273771
x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1100.json
x_refsource_CONFIRM
Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/273771
Resource:
x_refsource_MISC
Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1100.json
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/gitlab-org/gitlab/-/issues/273771
x_refsource_MISC
x_transferred
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1100.json
x_refsource_CONFIRM
x_transferred
Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/273771
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1100.json
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@gitlab.com
Published At:04 Apr, 2022 | 20:15
Updated At:11 Apr, 2022 | 19:09

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
GitLab Inc.
gitlab
>>gitlab>>Versions from 13.1.0(inclusive) to 14.7.7(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 13.1.0(inclusive) to 14.7.7(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 14.8.0(inclusive) to 14.8.5(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 14.8.0(inclusive) to 14.8.5(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 14.9.0(inclusive) to 14.9.2(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 14.9.0(inclusive) to 14.9.2(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
CWE-772Primarynvd@nist.gov
CWE ID: CWE-772
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1100.jsoncve@gitlab.com
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/273771cve@gitlab.com
Broken Link
Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1100.json
Source: cve@gitlab.com
Resource:
Vendor Advisory
Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/273771
Source: cve@gitlab.com
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

88Records found
CVE-2023-3909
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.38%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 12:08
Updated-12 Jun, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-3900
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 00:07
Updated-22 May, 2025 | 04:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Specified Type of Input in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2023-3917
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.28%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 06:02
Updated-22 May, 2025 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Specified Type of Input in GitLab

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2019-6785
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.84%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 19:26
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2019-20142
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 29.07%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 20:04
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2022-2908
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.20%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2019-15584
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.61%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 21:02
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabGitLab CE/EE
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-15593
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 21:57
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-9367
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.10%
||
7 Day CHG-0.05%
Published-12 Dec, 2024 | 12:02
Updated-11 Jul, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-3246
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.38%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 12:01
Updated-22 May, 2025 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-6324
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.89%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 06:02
Updated-05 Aug, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Algorithmic Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2024-5469
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-0.08% / 25.00%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 04:04
Updated-09 Jan, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in GitLab

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-0290
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.28%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 08:45
Updated-05 Aug, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-1954
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.37%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 17:01
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2022-1428
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.86%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:40
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-1099
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:46
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-0488
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.20% / 41.76%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 18:53
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-0477
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-25 Apr, 2022 | 16:35
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2021-39942
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 16:52
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-39938
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-0.14% / 34.38%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 15:47
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-39917
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 58.99%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 15:47
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-697
Incorrect Comparison
CVE-2021-39932
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.73%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 15:47
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-20
Improper Input Validation
CVE-2021-39914
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-0.18% / 39.41%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 22:39
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-39939
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.38%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 15:48
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab Runner
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-7610
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 66.55%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 10:30
Updated-29 Aug, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in GitLab

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-39940
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.94%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 15:47
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2022-3759
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.65% / 69.77%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-4539
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.69%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 01:38
Updated-13 Dec, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-1283
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.63%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqMQ
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2015-8631
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.56% / 80.74%
||
7 Day CHG~0.00%
Published-13 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)openSUSERed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverenterprise_linux_server_auskerberos_5leapopensuseenterprise_linux_eusenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxlinuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2020-15114
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.08% / 25.20%
||
7 Day CHG~0.00%
Published-06 Aug, 2020 | 22:25
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in etcd

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

Action-Not Available
Vendor-etcd-ioRed Hat, Inc.Fedora Project
Product-etcdfedoraetcd
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-8201
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 46.00%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-tp3106tp3206_firmwaretp3106_firmwaretp3206max_presence_firmwaremax_presenceMAX PRESENCE,TP3106,TP3206,
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-21600
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.43%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-0132
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.26% / 49.08%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 19:10
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_gold_6246rxeon_platinum_8153xeon_platinum_8276lxeon_platinum_8358xeon_platinum_9222xeon_gold_6129xeon_gold_5315yxeon_w-3245mxeon_gold_5217xeon_gold_6230txeon_gold_6146xeon_gold_6126txeon_platinum_8362xeon_gold_6230nxeon_platinum_8165xeon_gold_6143xeon_w-3225xeon_platinum_8354hxeon_gold_6135xeon_gold_5218nxeon_w-3265xeon_bronze_3106xeon_gold_6138txeon_gold_6338xeon_w-3245xeon_gold_5115xeon_gold_5120xeon_platinum_8170xeon_gold_6136xeon_silver_4309yxeon_platinum_8352yxeon_gold_6138xeon_platinum_8368xeon_gold_5220xeon_gold_6246xeon_platinum_8160txeon_silver_4214rxeon_gold_6326xeon_gold_6254xeon_platinum_8164xeon_gold_6269yxeon_silver_4114txeon_silver_4310txeon_gold_6240yxeon_gold_6154xeon_gold_6234xeon_platinum_8380xeon_silver_4316xeon_platinum_8351nxeon_gold_6208uxeon_platinum_8268xeon_gold_5215xeon_platinum_8352vxeon_gold_6336yxeon_platinum_8176mxeon_gold_6262vxeon_platinum_8168xeon_gold_5222xeon_w-3275xeon_gold_5218xeon_platinum_8284xeon_silver_4209txeon_silver_4109txeon_gold_5117fxeon_silver_4116xeon_platinum_8380hxeon_gold_5215lxeon_gold_5117xeon_platinum_8360hlxeon_gold_6252nxeon_silver_4215rxeon_gold_6138fxeon_gold_5122xeon_platinum_9221xeon_gold_6244xeon_platinum_8376hxeon_gold_6330xeon_platinum_8160xeon_silver_4210txeon_platinum_8321hcxeon_gold_6248xeon_gold_6212uxeon_silver_4114xeon_gold_6314uxeon_platinum_8280xeon_gold_6248rxeon_gold_6122xeon_gold_6354xeon_gold_6258rxeon_gold_6148fxeon_bronze_3104xeon_silver_4123xeon_gold_6132xeon_gold_6240xeon_gold_6238lxeon_gold_6240lxeon_platinum_8352mxeon_gold_6250xeon_platinum_8353hxeon_platinum_8256xeon_gold_6152xeon_gold_6348hxeon_gold_6262xeon_platinum_8158xeon_platinum_8156xeon_gold_6137xeon_gold_5219yxeon_gold_6330hxeon_w-3265mxeon_gold_6222vxeon_gold_5318hxeon_platinum_8176xeon_platinum_8376hlxeon_gold_6242secl-dcxeon_gold_5320hxeon_gold_5320xeon_platinum_8360yxeon_platinum_8274xeon_gold_6142xeon_platinum_8260yxeon_platinum_8270xeon_gold_6126fxeon_gold_6242rxeon_gold_6338txeon_gold_5218txeon_gold_6128xeon_gold_6346xeon_platinum_8180mxeon_gold_6150xeon_gold_5118xeon_silver_4215xeon_gold_6130fxeon_gold_5220rxeon_gold_6140xeon_gold_5318sxeon_platinum_8360xeon_platinum_8174xeon_gold_6338nxeon_platinum_8160fxeon_gold_6134mxeon_silver_4214xeon_platinum_8276xeon_gold_6238txeon_silver_4210rxeon_gold_6250lxeon_silver_4214yxeon_gold_6210uxeon_gold_6348xeon_gold_5218bxeon_gold_6330nxeon_gold_6126xeon_gold_6142mxeon_silver_4106hxeon_platinum_8380hlxeon_gold_6138pxeon_gold_5318nxeon_platinum_8160mxeon_platinum_8358pxeon_platinum_8176fxeon_platinum_8368qxeon_silver_4216xeon_gold_6230xeon_platinum_8253xeon_gold_6240rxeon_silver_4310xeon_gold_6222xeon_gold_5317xeon_silver_4116txeon_gold_6334xeon_platinum_8356hxeon_gold_6209uxeon_platinum_8160hxeon_silver_4112xeon_gold_6226xeon_gold_6142fxeon_gold_6256xeon_w-3223xeon_gold_6342xeon_gold_5120txeon_gold_6230rxeon_w-3175xxeon_gold_6238xeon_gold_6252xeon_gold_6130xeon_gold_6134xeon_gold_6162xeon_w-3235xeon_gold_5320txeon_silver_4208xeon_platinum_8260xeon_platinum_8352sxeon_gold_5218rxeon_gold_5318yxeon_bronze_3206rxeon_gold_6226rxeon_gold_6130hxeon_gold_6312uxeon_gold_6328hxeon_gold_5220sxeon_w-3275mxeon_platinum_9242xeon_gold_6148xeon_platinum_9282xeon_platinum_8260lxeon_gold_6144xeon_platinum_8280lxeon_silver_4110xeon_bronze_3204xeon_gold_6140mxeon_gold_6328hlxeon_platinum_8170mxeon_platinum_8180xeon_silver_4314xeon_gold_5119txeon_silver_4108xeon_gold_6130txeon_gold_5220txeon_silver_4210Intel(R) Security Library
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-1965
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-1.05% / 76.62%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 18:55
Updated-21 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability

A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_56128pucs_6332-16upucs-6296upnx-osnexus_3636c-rn9k-c9236c7000_10-slotnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004nexus_7700_supervisor_3en9k-c9504-fm-rmds_9506n7k-f248xp-25en9k-x96136yc-rmds_9250in9k-c93180yc-exn77-f324fq-25n9k-x9636q-rnexus_5020nexus_7700_supervisor_2e7700_2-slotx9636q-rnexus_5548pnexus_5648qmds_9718n9k-c9272qn9k-x9732c-exn7k-f306ck-25mds_9148smds_9513nexus_36180yc-rmds_9148tnexus_5672upn77-f312ck-26mds_9132tn7k-m348xp-25lmds_95097000_4-slotn9k-x9636c-rxn9k-x9736c-fxmds_9706nexus_5596upmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xln7k-m206fq-23lmds_9216anexus_5696qx96136yc-rn77-f348xp-23ucs_6248up7000_18-slotn77-m324fq-25lnexus_3048nexus_6001n7k-m202cf-22ln9k-c9508-fm-rucs_6324n9k-c93180yc-fxn7k-f312fq-25mds_9396t7000_9-slotmds_9396sx9636c-rucs_6332n77-m312cq-26lnexus_5548upn7k-m324fq-25lmds_9222inexus_5010nexus_7000_supervisor_2ex9636c-rx7700_10-slotn77-f430cq-36n77-m348xp-23lmds_9216i7700_18-slotnexus_5596tn9k-c92160yc-xnexus_5624qmds_9710n9k-c93180lc-exn9k-x9636c-rn7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-40797
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.47%
||
7 Day CHG+0.12%
Published-08 Sep, 2021 | 19:11
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Action-Not Available
Vendor-n/aOpenStack
Product-neutronn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2024-28882
Matching Score-4
Assigner-OpenVPN Inc.
ShareView Details
Matching Score-4
Assigner-OpenVPN Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.52%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 21:30
Updated-10 Jun, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

Action-Not Available
Vendor-openvpnOpenVPN
Product-openvpnOpenVPN
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-30129
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.51%
||
7 Day CHG-0.00%
Published-12 Jul, 2021 | 12:10
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS/OOM leak vulnerability in Apache Mina SSHD Server

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-banking_paymentscommunications_cloud_native_core_consoleflexcube_universal_bankingmiddleware_common_libraries_and_toolsretail_customer_management_and_segmentation_foundationoss_support_toolsbanking_treasury_managementsshdbanking_trade_financeApache Mina SSHD
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
  • Previous
  • 1
  • 2
  • Next
Details not found