Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36378

Summary
Assigner-JetBrains
Assigner Org ID-547ada31-17d8-4964-bc5f-1b8238ba8014
Published At-29 May, 2024 | 13:29
Updated At-02 Aug, 2024 | 03:37
Rejected At-
Credits

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:JetBrains
Assigner Org ID:547ada31-17d8-4964-bc5f-1b8238ba8014
Published At:29 May, 2024 | 13:29
Updated At:02 Aug, 2024 | 03:37
Rejected At:
▼CVE Numbering Authority (CNA)

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

Affected Products
Vendor
JetBrains s.r.o.JetBrains
Product
TeamCity
Default Status
unaffected
Versions
Affected
  • From 0 before 2024.03.2 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-770
Type: N/A
CWE ID: N/A
Description: CWE-770
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
N/A
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
x_transferred
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@jetbrains.com
Published At:29 May, 2024 | 14:15
Updated At:27 Jan, 2025 | 18:45

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

JetBrains s.r.o.
jetbrains
>>teamcity>>Versions before 2024.03.2(exclusive)
cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Secondarycve@jetbrains.com
CWE-770Primarynvd@nist.gov
CWE ID: CWE-770
Type: Secondary
Source: cve@jetbrains.com
CWE ID: CWE-770
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.jetbrains.com/privacy-security/issues-fixed/cve@jetbrains.com
Vendor Advisory
https://www.jetbrains.com/privacy-security/issues-fixed/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Source: cve@jetbrains.com
Resource:
Vendor Advisory
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

821Records found

CVE-2022-45471
Matching Score-10
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-10
Assigner-JetBrains s.r.o.
CVSS Score-3.5||LOW
EPSS-0.52% / 40.23%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 14:04
Updated-28 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-14958
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.93% / 77.55%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:40
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-pycharmn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-25013
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.37% / 68.52%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 15:00
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-toolboxn/a
CVE-2020-11688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.24%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-11693
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.74% / 74.93%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CVE-2023-39174
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-1.42% / 69.53%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 14:45
Updated-15 Oct, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-35053
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.17%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 15:46
Updated-03 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-50574
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.64%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 12:55
Updated-29 Oct, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-43182
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.27%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 15:07
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CVE-2021-30504
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 81.26%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:32
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-25769
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 75.38%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:30
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CVE-2021-26310
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.55% / 72.00%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:48
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2023-22323
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.20%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:53
Updated-26 Mar, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SSL OCSP Authentication profile vulnerability

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-21144
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-9563
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.60%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 07:33
Updated-02 Jul, 2026 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-Eclipse Parsson
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-25648
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.85% / 88.88%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Action-Not Available
Vendor-n/aOracle CorporationRed Hat, Inc.Fedora ProjectMozilla Corporation
Product-communications_pricing_design_centercommunications_offline_mediation_controllernetwork_security_servicesfedoraenterprise_linuxjd_edwards_enterpriseone_toolsnss
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-8966
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.27%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:11
Updated-15 Oct, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in gradio-app/gradio

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

Action-Not Available
Vendor-gradiogradio-app
Product-videogradio-app/gradio
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20108
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.37%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_manager_im_and_presence_serviceCisco Unified Communications Manager IM and Presence Service
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20155
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.67% / 47.45%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 16:48
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-41132
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.77% / 51.28%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 14:28
Updated-11 Sep, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.

Action-Not Available
Vendor-sixlaborsSixLaborssixlabors
Product-imagesharpImageSharpimagesharp
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-29487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 69.76%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 17:30
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable.

Action-Not Available
Vendor-n/aXen Project
Product-xapin/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41727
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.48% / 38.03%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:32
Updated-20 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TMM vulnerability

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_automation_toolchainbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerr2000big-ip_edge_gatewaybig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_link_controllerr4000big-ip_application_visibility_and_reportingbig-ip_container_ingress_servicesbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-4140
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.53%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 19:59
Updated-26 Aug, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.

Action-Not Available
Vendor-rjbsrjbsrjbsFedora Project
Product-email-mimefedoraEmail-MIMEemail_mime
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41742
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.46%
||
7 Day CHG~0.00%
Published-19 Jan, 2025 | 15:03
Updated-16 Jul, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelTXSeries for Multiplatforms
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41743
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.63%
||
7 Day CHG~0.00%
Published-19 Jan, 2025 | 15:02
Updated-16 Jul, 2025 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelTXSeries for Multiplatforms
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-11468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.19% / 86.55%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.

Action-Not Available
Vendor-n/aDocker, Inc.Red Hat, Inc.
Product-docker_registryenterprise_linux_servern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-0121
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.64%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-0383
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 53.76%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 08:00
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consuption in M-Files Server

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_serverM-Files Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-50695
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.74% / 50.14%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-18 Feb, 2026 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts.

Action-Not Available
Vendor-sound4SOUND4 Ltd.Kantar Media
Product-pulsebig_voice4_firmwarefirstpulse_firmwarewm2pulse_eco_firmwareimpact_ecoimpact_eco_firmwarebig_voice4stream_extensionwm2_firmwarefirst_firmwareimpactbig_voice2impact_firmwarepulse_ecobig_voice2_firmwareImpact/Pulse/FirstImpact/Pulse EcoBigVoice4BigVoice2StreamWM2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-50799
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.36% / 27.80%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-02 Jan, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application.

Action-Not Available
Vendor-Fetch Softworks
Product-Fetch Softworks Fetch FTP Client
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-39944
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.53%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 03:13
Updated-30 Sep, 2025 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Action-Not Available
Vendor-Dahua Technology Co., Ltd
Product-nvr4432-16p-4ks2\/i_firmwarenvr4208-8p-4ks3nvr4208-8p-4ks2\/l_firmwarenvr4232-4ks2\/l_firmwarenvr4108-4ks3nvr4108-4ks2\/lnvr4204-p-4ks2\/l_firmwarenvr4108hs-4ks3_firmwarenvr4232-4ks3nvr4232-16p-4ks3_firmwarenvr4232-16p-4ks3nvr4104-4ks3_firmwarenvr4816-16p-4ks2\/i_firmwarenvr4108-4ks2\/l_firmwarenvr4108-8p-4ks2\/l_firmwarenvr4104hs-p-4ks3nvr4216-4ks2\/lnvr4116hs-8p-4ks3_firmwarenvr4416-4ks2\/invr4816-16p-4ks2\/invr4104hs-4ks2\/l_firmwarenvr4108-8p-4ks3_firmwarenvr4204-p-4ks2\/lnvr4104hs-p-4ks3\(960g\)nvr4416-4ks2\/i_firmwarenvr4104-4ks3nvr4832-4ks2\/i_firmwarenvr4104-p-4ks3nvr4232-16p-4ks2\/lnvr4108-p-4ks3ipc-hfs8449g-z7-lednvr4108-4ks3_firmwarenvr4108hs-4ks2\/lnvr4204-4ks3_firmwarenvr4204-4ks2\/lnvr4108hs-4ks2\/l_firmwarenvr4232-16p-4ks2\/l_firmwarenvr4108hs-8p-4ks3_firmwarenvr4832-16p-4ks2\/i_firmwarenvr4216-16p-4ks3_firmwarenvr4116hs-8p-4ks2\/lnvr4108hs-p-4ks2\/lnvr4104-p-4ks2\/lnvr4104hs-p-4ks3_firmwarenvr4104-p-4ks3_firmwarenvr4432-4ks2\/invr4208-4ks3nvr4208-4ks2\/l_firmwarenvr4208-8p-4ks3_firmwarenvr4104-4ks2\/l_firmwarenvr4204-p-4ks3_firmwarenvr4204-p-4ks3nvr4108hs-8p-4ks2\/lnvr4116-4ks3nvr4104hs-4ks2\/lnvr4108hs-4ks3\(960g\)nvr4104-p-4ks3\(960g\)nvr4216-4ks3nvr4104hs-4ks3\(960g\)_firmwarenvr4432-16p-4ks2\/invr4216-4ks3_firmwarenvr4232-4ks2\/lnvr4816-4ks2\/i_firmwarenvr4108hs-p-4ks3nvr4208-4ks2\/lnvr4116hs-4ks3ipc-hfs8849g-z3-led_firmwarenvr4816-4ks2\/invr4108-8p-4ks3nvr4108-p-4ks2\/l_firmwarenvr4216-16p-4ks2\/lnvr4416-16p-4ks2\/i_firmwarenvr4108hs-4ks3nvr4116-4ks2\/l_firmwarenvr4204-4ks2\/l_firmwarenvr4104hs-4ks3nvr4116hs-8p-4ks3nvr4104hs-p-4ks3\(960g\)_firmwarenvr4108hs-4ks3\(960g\)_firmwarenvr4108-p-4ks2\/lnvr4104-4ks2\/lnvr4116-8p-4ks3_firmwarenvr4208-8p-4ks2\/lnvr4116hs-4ks2\/lnvr4216-16p-4ks3nvr4116-8p-4ks3nvr4432-4ks2\/i_firmwarenvr4208-4ks3_firmwarenvr4832-16p-4ks2\/invr4108hs-8p-4ks3nvr4108hs-p-4ks2\/l_firmwarenvr4104-p-4ks3\(960g\)_firmwarenvr4104hs-4ks3\(960g\)nvr4104hs-p-4ks2\/lipc-hfs8449g-z7-led_firmwarenvr4216-4ks2\/l_firmwarenvr4116-4ks2\/lnvr4116-8p-4ks2\/lnvr4108-8p-4ks2\/lnvr4116hs-8p-4ks2\/l_firmwarenvr4216-16p-4ks2\/l_firmwarenvr4232-4ks3_firmwarenvr4116hs-4ks3_firmwarenvr4104-p-4ks2\/l_firmwareipc-hfs8849g-z3-lednvr4108hs-8p-4ks2\/l_firmwarenvr4116-4ks3_firmwarenvr4116hs-4ks2\/l_firmwarenvr4108hs-p-4ks3_firmwarenvr4832-4ks2\/invr4116-8p-4ks2\/l_firmwarenvr4104hs-p-4ks2\/l_firmwarenvr4416-16p-4ks2\/invr4104hs-4ks3_firmwarenvr4204-4ks3nvr4108-p-4ks3_firmwareIPC-HX8XXX and NVR4XXXipc-hfw8xxxnvr4832-iipc-hf8xxx_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-28400
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-1.86% / 76.62%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-14 Apr, 2026 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_x201-3p_irtscalance_xr324-4m_eecruggedcom_rm1224_firmwarescalance_x206-1scalance_x320-1fe_firmwareek-ertec_200_evaulation_kit_firmwarescalance_xp-200scalance_xr324-4m_eec_firmwarescalance_xf-200bascalance_x208simatic_mv500softnet-ie_pnioscalance_x204-2_scalance_x206-1_firmwarescalance_s615_firmwarescalance_x204_irtscalance_m-800_firmwarescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xc-200_firmwarescalance_xf204-2ba_irtscalance_xr324-12m_tssimatic_profinet_driver_firmwarescalance_xf208_firmwarescalance_xr-300wg_firmwarescalance_x306-1ldfescalance_x202-2p_irt_proscalance_x304-2fescalance_x204-2fm_firmwarescalance_x204-2tssimatic_mv500_firmwarescalance_xr324-4m_poe_ts_firmwarescalance_xf204scalance_x200-4_p_irtscalance_x308-2lh\+scalance_xm400scalance_x307-3_firmwarescalance_xf204_irtscalance_xf-200ba_firmwarescalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_x310fe_firmwarescalance_xf204-2ba_irt_firmwarescalance_x308-2ldscalance_w700simocode_prov_ethernet\/ipsimatic_net_cp1604_firmwarescalance_x308-2scalance_xr324-12m_ts_firmwareruggedcom_rm1224scalance_x204-2ld_tsscalance_s615scalance_x224simatic_net_cm_1542-1scalance_x302-7eec_firmwarescalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x200-4_p_irt_firmwarescalance_x308-2m_tsscalance_xr324-4m_poeek-ertec_200p_evaluation_kitsimocode_prov_profinetscalance_w700_firmwarescalance_x307-3ldscalance_x204_irt_pro_firmwareek-ertec_200_evaulation_kitscalance_w1700_firmwarescalance_xf201-3p_irt_firmwarescalance_xb-200_firmwaresimatic_net_cp1616_firmwarescalance_xc-200scalance_xr324-4m_poe_tssimatic_net_cp1616scalance_m-800scalance_x201-3p_irt_pro_firmwaresimatic_cfu_pa_firmwarescalance_x208pro_firmwarescalance_xr324-12mscalance_x212-2ldsimatic_s7-1200scalance_x310fesimatic_cfu_pasimocode_prov_profinet_firmwarescalance_xr-300wgscalance_x201-3p_irt_prosimatic_power_line_booster_plbscalance_x308-2_firmwarescalance_x204-2fmscalance_xm400_firmwaresimatic_power_line_booster_plb_firmwaresimocode_prov_ethernet\/ip_firmwarescalance_x306-1ldfe_firmwarescalance_x320-3ldfe_firmwarescalance_x307-3ld_firmwarescalance_x308-2lhscalance_x310simatic_net_cm_1542-1_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2m_poescalance_x202-2_irtscalance_xf204_firmwarescalance_x308-2m_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf204-2_firmwarescalance_xf202-2p_irtscalance_x308-2mscalance_xr500_firmwarescalance_x202-2_irt_firmwarescalance_x206-1ldscalance_w1700scalance_xf204_irt_firmwarescalance_x308-2m_ts_firmwarescalance_xf201-3p_irtscalance_x204-2ldscalance_xf208simatic_net_dk-16xx_pn_ioscalance_xr324-4m_poe_firmwarescalance_x204-2ld_ts_firmwarescalance_x307-2eecscalance_x304-2fe_firmwaredk_standard_ethernet_controller_evaluation_kitsimatic_profinet_driverdk_standard_ethernet_controller_evaluation_kit_firmwarescalance_x307-2eec_firmwarescalance_x308-2lh_firmwarescalance_x320-3ldfeek-ertec_200p_evaluation_kit_firmwarescalance_x204-2_firmwarescalance_xf206-1scalance_xr324-12m_firmwaresimatic_s7-1200_firmwarescalance_x310_firmwarescalance_x206-1ld_firmwarescalance_xp-200_firmwarescalance_x212-2simatic_net_cp1626_firmwarescalance_x204-2ts_firmwarescalance_x208proscalance_x320-1fescalance_x216_firmwarescalance_xb-200scalance_xf202-2p_irt_firmwaresoftnet-ie_pnio_firmwarescalance_x208_firmwarescalance_xr500simatic_ie\/pb-link_v3simatic_ie\/pb-link_v3_firmwarescalance_x307-3simatic_net_cp1626scalance_x216simatic_net_cp1604scalance_xf204-2_scalance_x224_firmwarescalance_x302-7eecSCALANCE X302-7 EEC (230V)SCALANCE W1748-1 M12SCALANCE MUM853-1 (A1)SCALANCE X310FESCALANCE W734-1 RJ45 (USA)SIMATIC MV540 SSCALANCE XR524-8C, 24VSCALANCE XR324-12M TS (24V)SIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1215C DC/DC/RlySCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XC206-2G PoE (54 V DC)SCALANCE XR324-4M EEC (24V, ports on front)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE X208PROSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XR552-12M (2HR2, L3 int.)SIMATIC S7-1200 CPU 1211C DC/DC/DCSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE X302-7 EEC (2x 230V, coated)SIMATIC CM 1542-1SCALANCE XP216SCALANCE XR324-4M EEC (2x 24V, ports on front)SIMATIC MV550 SSCALANCE XP216POE EECSCALANCE X306-1LD FESCALANCE X307-2 EEC (24V)SCALANCE X201-3P IRTSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE X202-2P IRT PROSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE XC224SCALANCE XM408-4C (L3 int.)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XC208G PoE (54 V DC)SCALANCE W786-2IA RJ45SCALANCE X307-2 EEC (2x 230V)SCALANCE X308-2M PoESCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE X200-4P IRTSIMATIC IE/PB-LINKSIMATIC S7-1200 CPU 1212C DC/DC/RlySCALANCE XB208 (E/IP)SIPLUS S7-1200 CPU 1214 AC/DC/RLYSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE MUM853-1 (EU)SCALANCE X212-2SIPLUS S7-1200 CPU 1215FC DC/DC/DCSCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE X308-2LDSCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE XR526-8C, 2x230VSIMATIC PROFINET DriverSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR526-8C, 1x230VSCALANCE MUM856-1 (A1)SCALANCE XR524-8C, 24V (L3 int.)SCALANCE X408-2SCALANCE M874-3SCALANCE XM408-8CSCALANCE X302-7 EEC (24V, coated)SCALANCE M876-4 (NAM)SCALANCE X202-2IRTSCALANCE X212-2LDSIMATIC S7-1200 CPU 1214C DC/DC/RlySCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE X206-1LDSCALANCE XC216-3G PoESCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE X206-1SCALANCE XC216-4C G EECSCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XF204-2SCALANCE MUM856-1 (EU)SCALANCE X308-2MSCALANCE XC206-2SFP G EECSCALANCE W734-1 RJ45SCALANCE W748-1 M12SIMATIC S7-1200 CPU 1215C DC/DC/DCSCALANCE XF204-2BA DNASCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR526-8C, 2x230V (L3 int.)SIMATIC S7-1200 CPU 1214C DC/DC/DCSCALANCE X320-1 FESCALANCE X307-2 EEC (230V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SIPLUS S7-1200 CPU 1214C AC/DC/RLYSCALANCE XF202-2P IRTSCALANCE XR528-6MSIMATIC Power Line Booster PLB, Base ModuleSIPLUS SIMOCODE pro V basic unit 2SIMATIC S7-1200 CPU 1211C AC/DC/RlySCALANCE W788-1 RJ45SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XP208 (Ethernet/IP)SCALANCE XB205-3 (ST, PN)SIMATIC S7-1200 CPU 1212C AC/DC/RlySCALANCE XB216 (E/IP)SIMOCODE pro V EIP 24V DCSCALANCE X302-7 EEC (230V, coated)SCALANCE XC208G PoESCALANCE XR524-8C, 2x230V (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC CFU PASCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ControllerSIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SIPLUS NET SCALANCE X308-2SIMATIC S7-1200 CPU 1212FC DC/DC/RlySCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE X304-2FESIMATIC CFU DIQSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE X224SCALANCE X308-2SCALANCE X204IRTSCALANCE X204-2LD TSSCALANCE X204-2FMSCALANCE M876-4 (EU)SCALANCE XC224-4C G (EIP Def.)SCALANCE XC206-2SFP GSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE X302-7 EEC (2x 24V)SCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE MUM856-1 (B1)SCALANCE X307-3SCALANCE XC216-4CSCALANCE XF201-3P IRTSIMOCODE pro V PN 110-240V AC/DCSIPLUS S7-1200 CPU 1212C AC/DC/RLYSCALANCE XF206-1SCALANCE XR324-12M (230V, ports on rear)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SOFTNET-IE PNIOSCALANCE X201-3P IRT PROSCALANCE X308-2LHSCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE M826-2 SHDSL-RouterSIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSCALANCE W1788-2 M12SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X202-2P IRTSCALANCE W774-1 M12 EECSIMATIC S7-1200 CPU 1211C DC/DC/RlySIPLUS S7-1200 CPU 1215C DC/DC/DCSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SIMATIC S7-1200 CPU 1214C AC/DC/RlySIMATIC S7-1200 CPU 1212FC DC/DC/DCSCALANCE W778-1 M12 EECSCALANCE XR324-12M (230V, ports on front)SIMATIC S7-1200 CPU 1217C DC/DC/DCSCALANCE XR324-4M PoE (24V, ports on front)SIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC CP 1604SIMATIC MV540 HSCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE X307-2 EEC (2x 24V)SCALANCE XC208GSCALANCE XB213-3 (SC, PN)SIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC MV550 HSCALANCE XF208SCALANCE MUM853-1 (B1)SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XF204IRTSIMOCODE pro V EIP 110-240V AC/DCSCALANCE W778-1 M12 EEC (USA)SIPLUS S7-1200 CPU 1215 DC/DC/RLYSCALANCE X320-1-2LD FESCALANCE XC208SIMATIC S7-1200 CPU 1214FC DC/DC/RlySCALANCE XR552-12MSIMATIC CP 1626SCALANCE M876-3 (ROK)SIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1212C DC/DC/DCSCALANCE X216SCALANCE XR526-8C, 1x230V (L3 int.)Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200SCALANCE XR324-12M (24V, ports on front)SCALANCE X204-2LDSCALANCE X204-2TSSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE MUM856-1 (CN)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSIMATIC S7-1200 CPU 1215C AC/DC/RlySCALANCE M874-3 3G-Router (CN)SCALANCE S615 EEC LAN-RouterSCALANCE W786-2 SFPSCALANCE X302-7 EEC (2x 24V, coated)SIMATIC S7-1200 CPU 1215FC DC/DC/RlySCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SIMATIC MV560 XSCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE X308-2LH+SCALANCE XM416-4CSCALANCE X204IRT PROSIMATIC MV560 USCALANCE XR524-8C, 2x230VSIMATIC S7-1200 CPU V4 family (incl. SIPLUS variants)SCALANCE X204-2SCALANCE XB205-3LD (SC, E/IP)SIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1200 CPU 1214 DC/DC/RLYSCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE XR324-12M (24V, ports on rear)SIPLUS S7-1200 CPU 1214C DC/DC/DCSCALANCE XF204-2BA IRTSCALANCE M874-2SIMATIC S7-1200 CPU 1215FC DC/DC/DCSCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE X302-7 EEC (2x 230V)SCALANCE XP208EECSCALANCE XF204 DNASCALANCE X307-3LDSCALANCE X310SCALANCE XR324-4M PoE (230V, ports on front)SIPLUS S7-1200 CPU 1215 DC/DC/DCSCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE X208SCALANCE W786-2 RJ45RUGGEDCOM RM1224 LTE(4G) EUSIPLUS S7-1200 CPU 1212 AC/DC/RLYSCALANCE X302-7 EEC (24V)SCALANCE X308-2M TSSCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSCALANCE M804PBSCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE M876-4SCALANCE XC206-2SFPSIMATIC CP 1616Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200PSCALANCE W788-2 M12 EECSCALANCE X307-2 EEC (24V, coated)SCALANCE MUM856-1 (RoW)SIMATIC NET DK-16xx PN IOSIPLUS NET SCALANCE XC206-2SFPSCALANCE X307-2 EEC (230V)SIMOCODE pro V PN 24V DCdevelopment_evaluation_kits_for_profinet_io_ek_ertec_200pscalance_m816-1_adsl-router_annex_bscalence_x204_2tsscalence_m874_3scalance_m826-2_shdsl-routerscalance_m812-1_adsl-router_annex_bscalance_m816_1_adsl_router_annex_adevelopment_evaluation_kits_for_profinet_io_ek_ertec_200scalence_m874_2scalance_x200_4p_irtscalance_w1788_2ia_m12scalance_x201_3p_irt_proscalence_x204_2ldscalance_w1748_1_m12scalancce_x204_2scalance_m876_3_rokscalence_202_2p_irt_proscalance_w1788_2_eec_m12scalence_x204_2ld_tsscalance_w700_ieee_802.11n_familyscalance_m804pbscalance_s615scalance_x201_3p_irtscalance_w1788_2_m12scalance_m876_4_namscalance_m876_4_eudevelopment_evaluation_kits_for_profinet_io_dk_standard_ethernet_controllerscalance_m812-1_adsl-router_annex_ascalance_w1788_1_m12scalence_x204_2fmruggedcom_rm1224scalance_m876_3_evdoscalancce_x202_2p_irt
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-48498
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-12 Dec, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-10790
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.65%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 13:54
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38535
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.67%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 14:50
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata http2: oom from duplicate headers

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

Action-Not Available
Vendor-oisfOISFoisf
Product-suricatasuricatasuricata
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38534
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.36%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 14:47
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata modbus: txs without responses are never freed

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.

Action-Not Available
Vendor-oisfOISFoisf
Product-suricatasuricatasuricata
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38528
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.34%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 19:28
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited number of NTS-KE connections can crash ntpd-rs server

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. This vulnerability has been patched in version 1.1.3.

Action-Not Available
Vendor-pendulum-projecttweedegolf
Product-ntpd-rsntpd-rs
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-47562
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.11%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 07:56
Updated-24 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in Ormazabal products

Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.

Action-Not Available
Vendor-ormazabalOrmazabalormazabal
Product-ekorccpekorccp_firmwareekorrciekorrci_firmwareekorRCIekorCCPekorrciekorccp
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-46416
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.88% / 54.55%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.

Action-Not Available
Vendor-parrotn/a
Product-bebopbebop_firmwaren/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-26249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 48.95%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 00:00
Updated-14 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.

Action-Not Available
Vendor-nicn/a
Product-knot_resolvern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38286
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.6||HIGH
EPSS-1.70% / 74.44%
||
7 Day CHG~0.00%
Published-07 Nov, 2024 | 07:37
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Denial of Service

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software Foundation
Product-tomcatontap_toolsApache Tomcattomcat
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-45434
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-5.9||MEDIUM
EPSS-0.66% / 47.13%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.

Action-Not Available
Vendor-n/aMicrosoft CorporationDahua Technology Co., Ltd
Product-dhi-dss4004-s2_firmwaredhi-dss7016dr-s2_firmwaredhi-dss4004-s2windowsdhi-dss7016d-s2dhi-dss7016d-s2_firmwaredss_professionaldhi-dss7016dr-s2dss_expressDSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-37302
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.11%
||
7 Day CHG+0.01%
Published-03 Dec, 2024 | 17:04
Updated-26 Aug, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Synapse denial of service through media disk space consumption

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached.

Action-Not Available
Vendor-element-hqelement-hqThe Matrix.org Foundation
Product-synapsesynapsesynapse
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-27978
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.83% / 76.31%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 14:43
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session.

Action-Not Available
Vendor-shibbolethn/a
Product-identity_providern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-28491
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-3.07% / 86.06%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:50
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS)

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

Action-Not Available
Vendor-quarkusn/aOracle CorporationFasterXML, LLC.
Product-jackson-dataformats-binaryweblogic_serverquarkuscom.fasterxml.jackson.dataformat:jackson-dataformat-cbor
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-37358
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.6||HIGH
EPSS-0.80% / 52.21%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 11:22
Updated-29 Sep, 2025 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache James: denial of service through the use of IMAP literals

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.

Action-Not Available
Vendor-The Apache Software Foundation
Product-james_serverApache James server
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-37298
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.80%
||
7 Day CHG+0.01%
Published-01 Jul, 2024 | 18:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential memory exhaustion attack due to sparse slice deserialization

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.

Action-Not Available
Vendor-gorillagorillatoolkit
Product-schemaschema
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-3760
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.15%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:26
Updated-18 Nov, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Email Bombing Vulnerability in lunary-ai/lunary

In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only overwhelms the victim's mailbox, making it difficult to manage and locate legitimate emails, but also significantly impacts mail servers by consuming their resources. The increased load can cause performance degradation and, in severe cases, make the mail servers unresponsive or unavailable, disrupting email services for the entire organization.

Action-Not Available
Vendor-Lunary LLC
Product-lunarylunary-ai/lunarylunary-ai\/lunary
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-25156
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.37%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-10 Mar, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kiwi TCMS has no protection against brute-force attacks on login page

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS.

Action-Not Available
Vendor-kiwitcmskiwitcms
Product-kiwi_tcmskiwi
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-27173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.41%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 03:58
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.

Action-Not Available
Vendor-vm-superio_projectn/a
Product-vm-superion/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found