Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-40593

Summary
Assigner-Splunk
Assigner Org ID-42b59230-ec95-491e-8425-5a5befa1a469
Published At-30 Aug, 2023 | 16:19
Updated At-28 Feb, 2025 | 11:03
Rejected At-
Credits

Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Splunk
Assigner Org ID:42b59230-ec95-491e-8425-5a5befa1a469
Published At:30 Aug, 2023 | 16:19
Updated At:28 Feb, 2025 | 11:03
Rejected At:
▼CVE Numbering Authority (CNA)
Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.

Affected Products
Vendor
Splunk LLC (Cisco Systems, Inc.)Splunk
Product
Splunk Enterprise
Versions
Affected
  • From 8.2 before 8.2.12 (custom)
  • From 9.0 before 9.0.6 (custom)
Vendor
Splunk LLC (Cisco Systems, Inc.)Splunk
Product
Splunk Cloud
Versions
Affected
  • From - before 9.0.2205 (custom)
Problem Types
TypeCWE IDDescription
cweCWE-400The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Type: cwe
CWE ID: CWE-400
Description: The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Aaron Devaney (Dodekeract)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://advisory.splunk.com/advisories/SVD-2023-0802
N/A
https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/
N/A
Hyperlink: https://advisory.splunk.com/advisories/SVD-2023-0802
Resource: N/A
Hyperlink: https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://advisory.splunk.com/advisories/SVD-2023-0802
x_transferred
https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/
x_transferred
Hyperlink: https://advisory.splunk.com/advisories/SVD-2023-0802
Resource:
x_transferred
Hyperlink: https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:prodsec@splunk.com
Published At:30 Aug, 2023 | 17:15
Updated At:10 Apr, 2024 | 01:15

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CPE Matches

Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk>>Versions from 8.2.0(inclusive) to 8.2.12(exclusive)
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk>>Versions from 9.0.0(inclusive) to 9.0.6(exclusive)
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk_cloud_platform>>Versions up to 9.0.2305.100(inclusive)
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-400Secondaryprodsec@splunk.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: prodsec@splunk.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://advisory.splunk.com/advisories/SVD-2023-0802prodsec@splunk.com
Vendor Advisory
https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/prodsec@splunk.com
Vendor Advisory
Hyperlink: https://advisory.splunk.com/advisories/SVD-2023-0802
Source: prodsec@splunk.com
Resource:
Vendor Advisory
Hyperlink: https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/
Source: prodsec@splunk.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1349Records found

CVE-2023-0518
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.22% / 64.92%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-4068
Matching Score-4
Assigner-Checkmarx
ShareView Details
Matching Score-4
Assigner-Checkmarx
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.63%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 10:06
Updated-31 Dec, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Exhaustion in braces

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Action-Not Available
Vendor-jonschlinkertmicromatchmicromatch
Product-bracesbracesbraces
CWE ID-CWE-1050
Excessive Platform Resource Consumption within a Loop
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-0383
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 53.76%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 08:00
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consuption in M-Files Server

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_serverM-Files Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41123
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.28% / 66.58%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 14:18
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
REXML DoS vulnerability

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Action-Not Available
Vendor-Ruby
Product-rexmlrexmlrexml
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-9071
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.20%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:47
Updated-23 Jun, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by Uncontrolled Resource Consumption

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.IBM Corporation
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-26289
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.15% / 79.86%
||
7 Day CHG~0.00%
Published-28 Dec, 2020 | 18:50
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression Denial of Service in date-and-time

date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.

Action-Not Available
Vendor-date-and-time_projectknowledgecode
Product-date-and-timedate-and-time
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-4952
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.72% / 49.36%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 02:00
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OmniSharp csharp-language-server-protocol JSON Serializer SerializerBase.cs CreateSerializerSettings resource consumption

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected component. VDB-234238 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-dotnetfoundationOmniSharp
Product-c\#_language_server_protocolcsharp-language-server-protocol
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-39693
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.61%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 19:54
Updated-10 Sep, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Next.js Denial of Service (DoS) condition

Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later.

Action-Not Available
Vendor-vercelvercelvercel
Product-next.jsnext.jsnext.js
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-39551
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.48% / 37.69%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 16:29
Updated-23 Jan, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of  Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).  Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command.   user@host> show usp memory segment sha data objcache jsf  This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:  *  20.4 before 20.4R3-S10,  *  21.2 before 21.2R3-S6,  *  21.3 before 21.3R3-S5,  *  21.4 before 21.4R3-S6,  *  22.1 before 22.1R3-S4,  *  22.2 before 22.2R3-S2,  *  22.3 before 22.3R3-S1,  *  22.4 before 22.4R3,  *  23.2 before 23.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200mx2008srx5600mx2010srx4700srx4100srx1500srx5400srx300srx340mx10008mx960junosms-mpcsrx320mx480srx4600srx5800mx2020mx-spc3srx4120mx304mx204mx10004srx4300ms-micmx240srx2300srx380srx1600Junos OSjunos_os
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2007-20001
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.42%
||
7 Day CHG-0.01%
Published-06 Feb, 2022 | 20:19
Updated-07 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20.

Action-Not Available
Vendor-starwindsoftwaren/a
Product-iscsi_sann/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-48571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 55.68%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.

Action-Not Available
Vendor-memcachedn/a
Product-memcachedn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-48351
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.61%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-24 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-39548
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.49% / 38.64%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 16:26
Updated-23 Jan, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Receipt of specific packets in the aftmand process will lead to a memory leak

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted. This issue affects both IPv4 and IPv6.  Changes in memory usage can be monitored using the following CLI command: user@device> show system memory node <fpc slot> | grep evo-aftmann This issue affects Junos OS Evolved:  * All versions before 21.2R3-S8-EVO,  * 21.3 versions before 21.3R3-S5-EVO,  * 21.4 versions before 21.4R3-S5-EVO,  * 22.1 versions before 22.1R3-S4-EVO,  * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO,  * 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolvedjunos_os_evolved
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-4767
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.6||HIGH
EPSS-0.68% / 47.82%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in usememos/memos

Denial of Service in GitHub repository usememos/memos prior to 0.9.1.

Action-Not Available
Vendor-Usememos
Product-memosusememos/memos
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-48748
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.43%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 11:13
Updated-11 May, 2026 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: bridge: vlan: fix memory leak in __allowed_ingress

In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port state is forwarding and the pvid state is not learning/forwarding, untagged or priority-tagged frame will be dropped but skb memory is not freed. Should free skb when __allowed_ingress returns false.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinuxlinux_kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-29490
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.48% / 70.82%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-4899
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.59% / 72.67%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Action-Not Available
Vendor-n/aFacebook
Product-zstandardzstd
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-46315
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.13%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosEMUIHarmonyOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38068
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 83.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-10868
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.78%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 18:03
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-certificationredhat-certification
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2025-54605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.32%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 00:00
Updated-07 Nov, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-bitcoin_coren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-10585
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 69.27%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:25
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 18 allows remote Denial of Service (XML parsing).

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38067
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 83.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-46352
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.27%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products.

Action-Not Available
Vendor-Siemens AG
Product-6gk5204-0bs00-3pa36gk5204-0ba00-2mb2_firmware6gk5204-0ba00-2kb2_firmware6gk5204-0ba00-2mb26gk5204-0ba00-2kb26gk5204-0bs00-3la3_firmware6gk5204-0bs00-2na3_firmware6gk5204-0bs00-3pa3_firmware6gk5204-0bs00-2na36gk5204-0bs00-3la3SCALANCE X204RNA (HSR)SCALANCE X204RNA EEC (PRP/HSR)SCALANCE X204RNA EEC (PRP)SCALANCE X204RNA EEC (HSR)SCALANCE X204RNA (PRP)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38236
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.30% / 81.22%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Denial of Service Vulnerability

DHCP Server Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38015
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 82.32%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-45044
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.70% / 48.62%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-11 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_7sj82_firmwaresiprotec_5_7sl82siprotec_5_7sj86_firmwaresiprotec_5_7sk82_firmwaresiprotec_5_7ke85siprotec_5_6md86_firmwaresiprotec_5_communication_module_ethba2el_firmwaresiprotec_5_7ve85siprotec_5_7sd86siprotec_5_7ut85_firmwaresiprotec_5_7vk87siprotec_5_7sj85_firmwaresiprotec_5_7sl87siprotec_5_7sj86siprotec_5_6md86siprotec_5_7vk87_firmwaresiprotec_5_7sa86siprotec_5_compact_7sx800siprotec_5_7ut87_firmwaresiprotec_5_7sl86siprotec_5_7sk85siprotec_5_7sj81siprotec_5_communication_module_ethbd2fo_firmwaresiprotec_5_7sk82siprotec_5_6md85_firmwaresiprotec_5_7ut82_firmwaresiprotec_5_compact_7sx800_firmwaresiprotec_5_7st85siprotec_5_7um85siprotec_5_communication_module_ethbb2fosiprotec_5_6md89_firmwaresiprotec_5_7ut85siprotec_5_7sa82siprotec_5_7sa87_firmwaresiprotec_5_7sj85siprotec_5_communication_module_ethbb2fo_firmwaresiprotec_5_7sj82siprotec_5_7sl87_firmwaresiprotec_5_7sd87siprotec_5_7ve85_firmwaresiprotec_5_7sa82_firmwaresiprotec_5_7ut86siprotec_5_7st85_firmwaresiprotec_5_7sa87siprotec_5_6mu85siprotec_5_7sx85_firmwaresiprotec_5_6mu85_firmwaresiprotec_5_6md89siprotec_5_7um85_firmwaresiprotec_5_7sd82_firmwaresiprotec_5_7ut87siprotec_5_7ut86_firmwaresiprotec_5_7ss85_firmwaresiprotec_5_7sx85siprotec_5_7ke85_firmwaresiprotec_5_6md85siprotec_5_7sl82_firmwaresiprotec_5_7sk85_firmwaresiprotec_5_7sl86_firmwaresiprotec_5_7ut82siprotec_5_7sd82siprotec_5_communication_module_ethba2elsiprotec_5_7sj81_firmwaresiprotec_5_7sd86_firmwaresiprotec_5_communication_module_ethbd2fosiprotec_5_7sa86_firmwaresiprotec_5_7ss85siprotec_5_7sd87_firmwareSIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SD84 (CP200)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7SD86 (CP200)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 Communication Module ETH-BD-2FOSIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SA84 (CP200)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SA87 (CP200)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38031
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 83.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2006-5708
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 58.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.

Action-Not Available
Vendor-alt-nn/a
Product-mdaemonn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-9496
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.59%
||
7 Day CHG+0.01%
Published-26 May, 2026 | 05:00
Updated-27 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.

Action-Not Available
Vendor-n/a
Product-pacoteorg.webjars.npm:pacote
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38149
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.18% / 80.17%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BranchCache Denial of Service Vulnerability

BranchCache Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-28944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.57% / 72.38%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:06
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.

Action-Not Available
Vendor-n/aOpen-Xchange AG
Product-ox_guardn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-54730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.51%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-45003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 59.72%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.

Action-Not Available
Vendor-getgophishn/a
Product-gophishn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38168
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.70% / 84.12%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022.netMicrosoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.8.NET 8.0Microsoft Visual Studio 2022 version 17.10
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43780
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.05%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 17:42
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.

Action-Not Available
Vendor-HP Inc.
Product-m2u94b_firmwarez4b27az4a73a_firmwarez4a59a_firmwarez4b29a_firmwarez4a59am2u85bm2u85b_firmwarem2u92a_firmwarez4a70am2u89bz4a71az4a70a_firmwarem2u84a_firmwarem2u81b_firmwarem2u86b_firmwarem2u86cm2u91am2u86bz4b14am2u91bz4a74am2u92b_firmwarem2u81a_firmwarem2u91b_firmwarez4b28az4b29am2u92az4b12a_firmwarem2u81am2u87a_firmwarez4a69a_firmwarez4a60az4b14a_firmwarem2u81bm2u82am2u77az4a54am2u75am2u87bz4b13a_firmwarez4a74a_firmwarem2u75a_firmwarem2u77a_firmwarez4b18az4a61am2u76a_firmwarem2u82a_firmwarem2u84am2u76am2u84b_firmwarez4a71a_firmwarem2u86c_firmwarez4a61b_firmwarem2u92bz4b12az4b28a_firmwarem2u82b_firmwarem2u82bm2u94a_firmwarem2u87az4b18a_firmwarez4a54a_firmwarem2u91a_firmwarem2u87b_firmwarez4a61a_firmwarem2u86a_firmwarem2u94az4a73az4a69am2u88bm2u84bz4a61bm2u94bm2u85az4a60a_firmwarez4b27a_firmwarem2u89b_firmwarez4b13am2u86am2u85a_firmwarem2u88b_firmwareCertain HP ENVY, OfficeJet, and DeskJet printers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-37125
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.59%
||
7 Day CHG+0.02%
Published-26 Sep, 2024 | 17:01
Updated-25 Nov, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-36743
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.59%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:12
Updated-02 May, 2025 | 12:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-37299
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.60% / 44.33%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 14:22
Updated-11 Sep, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse vulnerable to DoS via Tag Group

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2006-7229
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 84.75%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.

Action-Not Available
Vendor-n/aUbuntu
Product-linux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2013-3074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.71% / 74.64%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 20:07
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr4700_firmwarewndr4700n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-28496
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-2.52% / 82.92%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 14:20
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS)

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms")

Action-Not Available
Vendor-three_projectn/a
Product-threethree
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-8968
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.22%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-28469
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.3||MEDIUM
EPSS-4.46% / 90.26%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 15:15
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS)

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

Action-Not Available
Vendor-gulpjsn/aOracle Corporation
Product-glob-parentcommunications_cloud_native_core_policyglob-parent
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-20813
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.19%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-07 Oct, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.

Action-Not Available
Vendor-openvpnn/a
Product-openvpnn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-27314
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-7.5||HIGH
EPSS-0.64% / 46.33%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 18:26
Updated-18 Sep, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service Vulnerability in ONTAP 9

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.

Action-Not Available
Vendor-NetApp, Inc.
Product-clustered_data_ontapONTAP 9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2013-3691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.90% / 89.01%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 18:22
Updated-06 Aug, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.

Action-Not Available
Vendor-ovislinkn/a
Product-airlive_poe2600hd_firmwareairlive_poe2600hdn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-26652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.95%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.

Action-Not Available
Vendor-n/aaircrack-ngRealtek Semiconductor Corp.
Product-rtl8812aurtl8812au_firmwaren/aaircrack-ng
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-44570
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.27%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-13 Feb, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

Action-Not Available
Vendor-rackn/a
Product-rackhttps://github.com/rack/rack
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-25242
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.27%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.

Action-Not Available
Vendor-Siemens AG
Product-simatic_net_cp_343-1_standard_firmwaresimatic_net_cp_343-1_advancedsimatic_net_cp_343-1_standardsimatic_net_cp_343-1_leansimatic_net_cp_343-1_advanced_firmwaresimatic_net_cp_343-1_lean_firmwareSIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants)SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants)
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 26
  • 27
  • Next
Details not found