Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-37481

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-18 Jul, 2023 | 18:19
Updated At-18 Oct, 2024 | 17:24
Rejected At-
Credits

Fides Webserver Vulnerable to SVG Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:18 Jul, 2023 | 18:19
Updated At:18 Oct, 2024 | 17:24
Rejected At:
▼CVE Numbering Authority (CNA)
Fides Webserver Vulnerable to SVG Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading.

Affected Products
Vendor
ethyca
Product
fides
Versions
Affected
  • >= 2.11.0, < 2.16.0
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400: Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400: Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.12.7LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ethyca/fides/security/advisories/GHSA-3rw2-wfc8-wmj5
x_refsource_CONFIRM
https://github.com/ethyca/fides/commit/8beaace082b325e693dc7682029a3cb7e6c2b69d
x_refsource_MISC
Hyperlink: https://github.com/ethyca/fides/security/advisories/GHSA-3rw2-wfc8-wmj5
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/ethyca/fides/commit/8beaace082b325e693dc7682029a3cb7e6c2b69d
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ethyca/fides/security/advisories/GHSA-3rw2-wfc8-wmj5
x_refsource_CONFIRM
x_transferred
https://github.com/ethyca/fides/commit/8beaace082b325e693dc7682029a3cb7e6c2b69d
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/ethyca/fides/security/advisories/GHSA-3rw2-wfc8-wmj5
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/ethyca/fides/commit/8beaace082b325e693dc7682029a3cb7e6c2b69d
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:18 Jul, 2023 | 19:15
Updated At:27 Jul, 2023 | 19:48

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Secondary3.12.7LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CPE Matches
ethyca
ethyca
>>fides>>Versions from 2.11.0(inclusive) to 2.16.0(exclusive)
cpe:2.3:a:ethyca:fides:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE-400Secondarysecurity-advisories@github.com
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ethyca/fides/commit/8beaace082b325e693dc7682029a3cb7e6c2b69dsecurity-advisories@github.com
Patch
https://github.com/ethyca/fides/security/advisories/GHSA-3rw2-wfc8-wmj5security-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/ethyca/fides/commit/8beaace082b325e693dc7682029a3cb7e6c2b69d
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/ethyca/fides/security/advisories/GHSA-3rw2-wfc8-wmj5
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

92Records found
CVE-2023-45028
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 16:05
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero, QuTScloud

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqutscloudqtsQuTScloudQuTS heroQTS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-46120
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.42% / 61.19%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 23:05
Updated-11 Sep, 2024 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RabbitMQ Java client's lack of message size limitation leads to remote DoS attack

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

Action-Not Available
Vendor-rabbitmqrabbitmqVMware (Broadcom Inc.)
Product-rabbitmq_java_clientrabbitmq-java-clientrabbitmq-java-client
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-46118
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 23:27
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service by publishing large messages over the HTTP API

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Action-Not Available
Vendor-rabbitmqVMware (Broadcom Inc.)
Product-rabbitmqrabbitmq-server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21296
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.57% / 67.58%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 20:00
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in Fleet

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the impact of this vulnerability to be low given the requirement that the actor has a valid node key. There is no information disclosure, privilege escalation, or code execution. The issue is fixed in Fleet 3.7.0.

Action-Not Available
Vendor-fleetdmfleetdm
Product-fleetfleet
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-44321
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 19.91%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 11:04
Updated-12 Aug, 2025 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.

Action-Not Available
Vendor-Siemens AG
Product-6gk5328-4ss00-2ar3_firmware6gk5206-2bb00-2ac26ag1206-2bs00-7ac2_firmware6gk5208-0ga00-2ac2_firmware6gk5204-0ba00-2gf2_firmware6gk5208-0ha00-2ts6_firmware6ag1216-4bs00-7ac26gk5324-0ba00-3ar36gk5205-3bf00-2tb2_firmware6gk5208-0ba00-2tb2_firmware6gk5216-3rs00-2ac26gk5208-0ga00-2ac26gk5213-3bb00-2tb2_firmware6gk5206-2rs00-5ac26gk5224-4gs00-2ac26gk5328-4fs00-3rr3_firmware6gk5216-0ha00-2es6_firmware6gk5204-0ba00-2gf26gk5326-2qs00-3rr3_firmware6gk5328-4fs00-2ar3_firmware6gk5216-0ha00-2ts6_firmware6gk5328-4fs00-3ar36gk5206-2rs00-2ac2_firmware6gk5213-3bd00-2ab2_firmware6gk5205-3bb00-2ab26gk5208-0ga00-2tc2_firmware6gk5213-3bd00-2tb26gk5204-0ba00-2yf2_firmware6gk5206-2rs00-5ac2_firmware6gk5206-2gs00-2fc2_firmware6gk5224-0ba00-2ac2_firmware6gk5216-0ba00-2ac2_firmware6gk5205-3bb00-2tb26gk5324-0ba00-2ar3_firmware6gk5216-4gs00-2fc2_firmware6gk5208-0ua00-5es66ag1208-0ba00-7ac26gk5224-4gs00-2fc2_firmware6gk5328-4fs00-2ar36gk5213-3bf00-2tb2_firmware6gk5205-3bb00-2tb2_firmware6gk5208-0ra00-2ac2_firmware6gk5224-4gs00-2tc26gk5216-0ba00-2ac26gk5324-0ba00-3ar3_firmware6gk5216-4bs00-2ac26gk5224-4gs00-2ac2_firmware6gk5326-2qs00-3ar3_firmware6gk5324-0ba00-2ar36gk5208-0ga00-2tc26gk5213-3bf00-2ab26gk5216-0ha00-2as66gk5216-0ha00-2es66gk5216-4gs00-2tc26gk5206-2bd00-2ac26gk5224-0ba00-2ac26gk5328-4fs00-2rr3_firmware6gk5206-2rs00-5fc26gk5206-2gs00-2tc2_firmware6gk5208-0ua00-5es6_firmware6gk5206-2gs00-2tc26gk5216-0ua00-5es66gk5213-3bf00-2ab2_firmware6gk5205-3bf00-2ab26ag1206-2bb00-7ac2_firmware6gk5208-0ga00-2fc26gk5213-3bd00-2tb2_firmware6gk5208-0ga00-2fc2_firmware6gk5213-3bf00-2tb26gk5328-4fs00-2rr36gk5213-3bb00-2tb26gk5216-0ba00-2ab26gk5216-0ba00-2fc2_firmware6gk5204-2aa00-2yf26gk5213-3bd00-2ab26gk5206-2gs00-2fc26gk5206-2gs00-2ac26gk5205-3bb00-2ab2_firmware6gk5208-0ba00-2fc2_firmware6gk5208-0ba00-2ab26gk5204-2aa00-2gf26gk5208-0ba00-2ac2_firmware6gk5216-0ba00-2fc26gk5328-4ss00-3ar36gk5216-3rs00-5ac26gk5208-0ba00-2tb26gk5206-2rs00-5fc2_firmware6gk5206-2bs00-2ac26gk5328-4fs00-3rr36gk5205-3bd00-2ab26gk5224-4gs00-2tc2_firmware6gk5224-4gs00-2fc26gk5208-0ba00-2ac26gk5206-2bs00-2fc26gk5208-0ha00-2as6_firmware6gk5206-2bs00-2ac2_firmware6gk5208-0ra00-2ac26gk5205-3bf00-2tb26gk5216-0ua00-5es6_firmware6gk5216-4gs00-2ac26gk5208-0ha00-2as66gk5205-3bd00-2tb26ag1206-2bs00-7ac26gk5204-0ba00-2yf26gk5208-0ha00-2ts66gk5208-0ra00-5ac26gk5213-3bb00-2ab26gk5216-0ba00-2ab2_firmware6gk5216-0ha00-2ts66gk5208-0ba00-2fc26gk5216-0ba00-2tb2_firmware6gk5206-2gs00-2ac2_firmware6gk5326-2qs00-3rr36gk5216-4bs00-2ac2_firmware6gk5216-4gs00-2ac2_firmware6gk5206-2bs00-2fc2_firmware6gk5205-3bd00-2ab2_firmware6gk5328-4ss00-2ar36ag1216-4bs00-7ac2_firmware6gk5208-0ha00-2es6_firmware6gk5205-3bf00-2ab2_firmware6gk5216-3rs00-2ac2_firmware6ag1206-2bb00-7ac26gk5204-2aa00-2gf2_firmware6gk5208-0ra00-5ac2_firmware6gk5216-4gs00-2tc2_firmware6gk5208-0ha00-2es66gk5328-4ss00-3ar3_firmware6gk5216-3rs00-5ac2_firmware6gk5204-2aa00-2yf2_firmware6gk5216-0ha00-2as6_firmware6gk5216-4gs00-2fc26gk5206-2bd00-2ac2_firmware6gk5328-4fs00-3ar3_firmware6gk5208-0ba00-2ab2_firmware6gk5205-3bd00-2tb2_firmware6ag1208-0ba00-7ac2_firmware6gk5326-2qs00-3ar36gk5206-2rs00-2ac26gk5206-2bb00-2ac2_firmware6gk5213-3bb00-2ab2_firmware6gk5216-0ba00-2tb2SCALANCE XC208SCALANCE XB213-3 (ST, E/IP)SCALANCE M876-3SCALANCE XR326-2C PoE WGSCALANCE MUM853-1 (EU)SCALANCE XB205-3 (ST, PN)SCALANCE XC216-4C G EECSCALANCE M812-1 ADSL-Router familySCALANCE XB208 (E/IP)SCALANCE XP208SCALANCE XP208GSCALANCE S615 LAN-RouterSCALANCE XP216G EECSCALANCE MUM853-1 (B1)SCALANCE XP216EEC (V2)SCALANCE M804PBSCALANCE XP208G PoE EECSIPLUS NET SCALANCE XC208SCALANCE XB205-3LD (SC, E/IP)SCALANCE XP216SCALANCE XC206-2G PoE (54 V DC)SCALANCE S615 EEC LAN-RouterSCALANCE XP208PoE EECSCALANCE M876-4SCALANCE XB213-3LD (SC, PN)SCALANCE MUM856-1 (EU)SCALANCE MUM856-1 (RoW)SCALANCE XB213-3 (ST, PN)SCALANCE M816-1 ADSL-Router familySCALANCE XF204-2BASCALANCE XC216-4C G (EIP Def.)SIPLUS NET SCALANCE XC206-2SCALANCE XC208G PoE (54 V DC)SCALANCE M874-2SCALANCE XB206-2 STSIPLUS NET SCALANCE XC206-2SFPSCALANCE XP216GSCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE XC206-2G PoESCALANCE XC216SCALANCE XB213-3 (SC, PN)SCALANCE XC216-3G PoE (54 V DC)SCALANCE XF204GSCALANCE XB206-2 (ST/BFOC)SCALANCE MUM856-1 (A1)SCALANCE XC206-2 (ST/BFOC)SCALANCE XC224SCALANCE M874-3 3G-Router (CN)SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XC206-2SFP EECSCALANCE XP208EECSCALANCE XP216G PoE EECSCALANCE MUM856-1 (CN)SCALANCE XC216EECSCALANCE XF204-2BA DNASCALANCE XC206-2 (SC)SCALANCE M826-2 SHDSL-RouterSCALANCE XC216-4C GSCALANCE XC216-3G PoESCALANCE M874-3SCALANCE XP216PoE EEC (V2)SCALANCE XB206-2LDSCALANCE XC224-4C G EECSCALANCE XC208EECSCALANCE XC208GSCALANCE XB208 (PN)SCALANCE XB216 (E/IP)SCALANCE XC206-2SFP G EECSCALANCE XF204SCALANCE XP208G EECSCALANCE XP216 (Ethernet/IP)SCALANCE XC206-2SFP GSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE MUM856-1 (B1)SCALANCE XB205-3 (ST, E/IP)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XB206-2 SCSIPLUS NET SCALANCE XC216-4CSCALANCE XC208G PoESCALANCE XR324WG (24 x FE, AC 230V)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE MUM853-1 (A1)SCALANCE XC224-4C G (EIP Def.)SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XC216-4CSCALANCE XB216 (PN)SCALANCE XP216EECSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE XC224-4C GSCALANCE M876-4 (EU)SCALANCE XP208G PPSCALANCE XB213-3LD (SC, E/IP)SCALANCE XB213-3 (SC, E/IP)SCALANCE XB205-3LD (SC, PN)SCALANCE M876-3 (ROK)SCALANCE XB205-3 (SC, PN)SCALANCE XC208G EECSCALANCE XP216POE EECSCALANCE XR326-2C PoE WG (without UL)SCALANCE M876-4 (NAM)SCALANCE XP216 (V2)SCALANCE XB206-2 (SC)SCALANCE XP208 (Ethernet/IP)SCALANCE XC206-2SFPSCALANCE XB206-2 LDSCALANCE XC208G (EIP def.)SCALANCE XF204 DNA
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-13007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.48%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 17:03
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-8123
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.9||MEDIUM
EPSS-0.63% / 69.44%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:08
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.

Action-Not Available
Vendor-n/aStrapi, Inc.
Product-strapiStrapi
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-42031
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.09% / 26.78%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 17:50
Updated-11 Sep, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX denial of service

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelaixcics_txCICS TX AdvancedCICS TX StandardTXSeries for Multiplatforms
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43564
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.32% / 54.36%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 22:20
Updated-01 May, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Splunk Enterprise through search macros

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_cloud_platformSplunk Enterprise
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-53023
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-31 Jul, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_clustermysql_serverMySQL ClusterMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50091
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50098
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-2.7||LOW
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50093
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50077
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 12:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL ClusterMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50080
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 12:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-49595
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 12:16
Updated-03 Jul, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, effecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.

Action-Not Available
Vendor-n8n-io
Product-n8n
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50094
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.42, 8.4.5 and 9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50088
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50079
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 12:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50099
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50095
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50097
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50101
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50092
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50089
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50104
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-2.7||LOW
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-16 Jul, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50102
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-4533
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-11 May, 2025 | 06:31
Updated-12 May, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JeecgBoot Document Library Upload zip unzipFile resource consumption

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/a
Product-JeecgBoot
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-41677
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.79%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:30
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Resource Exhaustion via POST Requests to send-mail Action

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-41676
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.79%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 09:30
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Resource Exhaustion via POST Requests to send-sms Action

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.

Action-Not Available
Vendor-HelmholzMB connect line
Product-mbNET.miniREX 100
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-30715
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 19.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:31
Updated-21 Apr, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-30681
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-2.7||LOW
EPSS-0.06% / 19.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:30
Updated-17 Apr, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_clustermysql_serverMySQL ClusterMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-30705
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 19.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:31
Updated-21 Apr, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-41969
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.4||LOW
EPSS-0.06% / 18.17%
||
7 Day CHG+0.01%
Published-01 Dec, 2022 | 20:47
Updated-23 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud Server has no password length limit when creating a user as an administrator

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serversecurity-advisories
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-5445
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.9||MEDIUM
EPSS-0.46% / 63.09%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 19:45
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands.

Action-Not Available
Vendor-n/aUbiquiti Inc.
Product-es-16-xges-24-250wes-48-liteedgeswitch_firmwarees-24-500wes-8-150wep-s16.es-16-150wes-24-litees-48-750wes-48-500wes-12fEdgeMAX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-37900
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.4||LOW
EPSS-0.06% / 18.31%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 15:50
Updated-15 Oct, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crossplane vulnerable to denial of service from large image

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistency nature of controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0.

Action-Not Available
Vendor-cncfcrossplane
Product-crossplanecrossplane
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-34324
Matching Score-4
Assigner-Xen Project
ShareView Details
Matching Score-4
Assigner-Xen Project
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 21.12%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 16:30
Updated-05 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible deadlock in Linux kernel event handling

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).

Action-Not Available
Vendor-Linux Kernel Organization, IncXen Project
Product-linux_kernelxenLinux
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-32229
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-4.9||MEDIUM
EPSS-0.13% / 32.91%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 10:03
Updated-12 Dec, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-flexidome_outdoor_5100i_ircpp13_firmwareautodome_inteox_7000iflexidome_panoramic_5100i_irmic_inteox_7100iflexidome_indoor_5100iflexidome_inteox_7100i_irdinion_7100i_irautodome_7000iflexidome_multi_7000i_irdinion_inteox_7100i_irflexidome_indoor_5100i_ircpp14_firmwareflexidome_outdoor_5100iautodome_7100_irflexidome_multi_7000iflexidome_panoramic_5100iCamera Firmware
CWE ID-CWE-1246
Improper Write Handling in Limited-write Non-Volatile Memories
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-4003
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-2.7||LOW
EPSS-0.19% / 40.88%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:29
Updated-13 Aug, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-q14q14_firmwareQ14 Mesh Router Firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-36310
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.32% / 54.26%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Dell Networking OS10
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-23852
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-4.9||MEDIUM
EPSS-0.26% / 49.20%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 14:18
Updated-16 Sep, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS) due to invalid web parameter

An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).

Action-Not Available
Vendor-Robert Bosch GmbH
Product-cpp13cpp7_firmwarecpp13_firmwarecpp4_firmwarecpp7.3_firmwarecpp7.3cpp4cpp7cpp6_firmwarecpp6CPP Firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-52981
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:54
Updated-08 Apr, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

Action-Not Available
Vendor-Elasticsearch BV
Product-Elasticsearch
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • Next
Details not found