Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-56352

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 May, 2026 | 00:00
Updated At-18 May, 2026 | 17:27
Rejected At-
Credits

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection. Since the surrounding connection teardown logic is not guaranteed to execute, each such invalid CONNECT attempt leaves the underlying socket open. Repeated attempts cause server-side resource exhaustion due to accumulating file descriptors and memory usage, potentially resulting in denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 May, 2026 | 00:00
Updated At:18 May, 2026 | 17:27
Rejected At:
â–¼CVE Numbering Authority (CNA)

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection. Since the surrounding connection teardown logic is not guaranteed to execute, each such invalid CONNECT attempt leaves the underlying socket open. Repeated attempts cause server-side resource exhaustion due to accumulating file descriptors and memory usage, potentially resulting in denial of service.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/JustDoIt0910/tinyMQTT/issues/19
N/A
Hyperlink: https://github.com/JustDoIt0910/tinyMQTT/issues/19
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/user-attachments/files/21207896/Resource_Exhaustion_Poc.txt
exploit
Hyperlink: https://github.com/user-attachments/files/21207896/Resource_Exhaustion_Poc.txt
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 May, 2026 | 16:16
Updated At:18 May, 2026 | 20:27

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection. Since the surrounding connection teardown logic is not guaranteed to execute, each such invalid CONNECT attempt leaves the underlying socket open. Repeated attempts cause server-side resource exhaustion due to accumulating file descriptors and memory usage, potentially resulting in denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-400Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-400
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/JustDoIt0910/tinyMQTT/issues/19cve@mitre.org
N/A
https://github.com/user-attachments/files/21207896/Resource_Exhaustion_Poc.txt134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/JustDoIt0910/tinyMQTT/issues/19
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/user-attachments/files/21207896/Resource_Exhaustion_Poc.txt
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1377Records found

CVE-2023-34397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.35%
||
7 Day CHG+0.03%
Published-13 Feb, 2025 | 00:00
Updated-27 Jun, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed.

Action-Not Available
Vendor-mercedes-benzn/a
Product-headunit_ntg6_mercedes-benz_user_experiencen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-15383
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-2.49% / 82.87%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability

A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-11090
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.73% / 75.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 00:05
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in Indy Node

In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.

Action-Not Available
Vendor-HyperledgerThe Linux Foundation
Product-indy-nodeIndy Node
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-52887
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 14:31
Updated-06 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cpp-httplib has unlimited number of http header fields, which causes memory leak

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.

Action-Not Available
Vendor-yhiroseyhirose
Product-cpp-httplibcpp-httplib
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-33297
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 69.45%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 00:00
Updated-28 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-bitcoin_coren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-34061
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.54% / 41.72%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 07:01
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-34061 – Gorouter route pruning

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

Action-Not Available
Vendor-Cloud FoundryVMware (Broadcom Inc.)
Product-cloud_foundry_routing_releasecloud_foundry_deploymentRouting ReleaseCF deployment
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-34104
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.14% / 62.92%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 17:35
Updated-02 Aug, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regex Injection via Doctype Entities

fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option.

Action-Not Available
Vendor-fast-xml-parser_projectNaturalIntelligence
Product-fast-xml-parserfast-xml-parser
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2020-10772
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.87%
||
7 Day CHG~0.00%
Published-27 Nov, 2020 | 17:40
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.

Action-Not Available
Vendor-nlnetlabsn/aRed Hat, Inc.
Product-unboundenterprise_linuxunbound
CWE ID-CWE-406
Insufficient Control of Network Message Volume (Network Amplification)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-33141
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.22% / 80.70%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 01:25
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability

Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-yet_another_reverse_proxyYARP 2.0YARP 1.0
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-0441
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-1.08% / 61.25%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 12:49
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-52322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.64%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 00:00
Updated-17 Oct, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF (PGW-C), using the IP address of a legitimate UE in the PDN Address Allocation (PAA) field

Action-Not Available
Vendor-open5gsn/a
Product-open5gsn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-33026
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.51%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in WLAN Firmware

Transient DOS in WLAN Firmware while parsing a NAN management frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwaresd865_5gipq9574qcn9000_firmwareqcn6102_firmwareqca6595qcn9022ipq6028_firmwareimmersive_home_214_platformqca8081_firmwarewcd9370qcn9001qca8072qca6696wcd9340_firmwareipq5028_firmwarewcd9395_firmwareqcn6024qcn9003_firmwarear9380qcc2073_firmwareqcc710_firmwareipq8076qca6426wcn6740_firmwareipq6018_firmwareqca9984_firmwareqcn6023qcn5124_firmwaresm7325-ae_firmwarewsa8832_firmwareimmersive_home_216_platformqca8337qca9994_firmwareqca6426_firmwarewcd9395ipq6000qca6574au_firmwareipq8078aipq8078a_firmwarewcn785x-5qam8295pqca6574auwcd9390wsa8810_firmwarewsa8845h_firmwareqcn9100_firmwareqca2064_firmwareqcn5122qca6554aqcn6024_firmwareqca9886_firmwaresm8350qcn9000ssg2115pqcc710qcn6132_firmwareqca2062_firmwareqsm8350_firmwareqcn5054sm8450_firmwareipq5332_firmwareqcn5052qca9980qfw7114wcd9385_firmwareqca6421snapdragon_x55_5g_modem-rf_systemipq9574_firmwareqam8255p_firmwareipq8064ipq8074a_firmwareipq8076aqcn5164snapdragon_ar2_gen_1_platform_firmwareqcs4490immersive_home_3210_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qcn6100_firmwareqca6421_firmwareqca6564au_firmwarecsr8811_firmwarewsa8810qca8075qcn5021qam8650pvideo_collaboration_vc5_platform_firmwareqca8085snapdragon_8\+_gen_2_mobile_platformsm8350-acqcn6100qca6595ausm7325_firmwaresm7315_firmwarewsa8840qcs8550_firmwareqca9986_firmwareqfw7124_firmwareqca6436_firmwareqcn9012ipq8070a_firmwareqcn5021_firmwareqcn9070qcs4490_firmwaresnapdragon_8_gen_2_mobile_platformqcf8001snapdragon_7c\+_gen_3_compute_firmwareqca8084sm8250-ac_firmwaresdx65mwcd9370_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqcc2076qca6574aipq9570sm7325-aewcd9340qcs8250_firmwareqcm6490immersive_home_316_platform_firmwareqcn6122_firmwareqcn5154_firmwaresm8550p_firmwareimmersive_home_3210_platformqcm8550qcn5122_firmwareqcn9274qcn9024pmp8074ipq8076a_firmwaresm7325-afqca6574snapdragon_x75_5g_modem-rf_systemipq9570_firmwaresxr2230p_firmwarear9380_firmwareqca2066_firmwareqcn9011qcn9024_firmwarewsa8845hqca8082qca8072_firmwarewsa8830sm8550pqcn9074_firmwareipq8174qcn6122sa8255p_firmwareflight_rb5_5g_platform_firmwarewcn785x-1_firmwareqcc2073ipq8174_firmwarear8035ipq8072aqrb5165m_firmwareqca2065qca9985robotics_rb5_platformqcn6224ipq8071asc8280xp-absm8475_firmwareqcn6112qca6698aqwcn3950_firmwaressg2125p_firmwareqrb5165nwcn685x-1sm7325p_firmwarevideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwareqcn9002ipq8078immersive_home_326_platform_firmwareqcs6490qcs8250ipq9554_firmwaresc8280xp-bb_firmwareqcn9072wsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832qca8082_firmwareqcc2076_firmwaresxr2130_firmwareqca6678aqar8035_firmwareqcn5022_firmwaresm8475qca9992qrb5165msm8250-ab_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwareipq9008ipq9554qca6564auqca9992_firmwareqca9990ipq8070ipq9008_firmwareqcn9074immersive_home_214_platform_firmwaresm7325-af_firmwarewsa8815_firmwaresm8250-abqca8337_firmwareqcn5054_firmwaresm7325qca9888ipq5332qcn9013sg8275p_firmwareipq8173qcm6490_firmwareipq8072a_firmwaresm8350-ac_firmwareipq6010_firmwareqcm4490_firmwarewcn785x-5_firmwarewcn3950flight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresm7350-ab_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwareqca8085_firmwaresa8295p_firmwareqca9984ipq5010_firmwareqcn9022_firmwareqca9886qcn6132ipq6018qcn6102qca6584ausd888qcn6274_firmwareqcn9011_firmwarewcn685x-5wcn6740ipq8065qfw7114_firmwareqca4024sc8280xp-ab_firmwareqcs7230sm8250-acqca6595_firmwaresm8250_firmwareqcn9001_firmwareimmersive_home_216_platform_firmwareipq8070awcd9380qam8255psxr2230pqca9990_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9003qca8075_firmwareqcn5052_firmwaresm7350-absnapdragon_auto_5g_modem-rf_firmwareqca2064sm8350_firmwaresxr1230pqca2065_firmwareipq6010sdx65m_firmwarevideo_collaboration_vc3_platformqca9980_firmwareqca9985_firmwareqam8295p_firmwareqca6431_firmwaresm7315qca6698aq_firmwarewcd9385qca9994qsm8350sc8280xp-bbqca8084_firmwaresa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwarewcn6750qcn5024sg8275pwcn6750_firmwareipq8071a_firmwaresnapdragon_auto_5g_modem-rfssg2125pqca6554a_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_xr2\+_gen_1_platformimmersive_home_326_platformsm7325pqam8650p_firmwareqcn9013_firmwarevideo_collaboration_vc5_platformqca2062qcs6490_firmwaresm8450snapdragon_x65_5g_modem-rf_systemipq8076_firmwarewcn3980_firmwareqca6584au_firmwareqrb5165n_firmwareqca6436qcn5152_firmwareqcn6274wsa8835wsa8840_firmwareqca6391_firmwareqfw7124qca6595au_firmwareqca0000sm8250snapdragon_ar2_gen_1_platformipq8068qca6696_firmwarewcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqcn5124qam8775pipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwareqcn9072_firmwareqca9888_firmwareipq8074aimmersive_home_318_platformqca9889qcn5024_firmwaresd_8_gen1_5g_firmwareqcn9002_firmwarewcd9375_firmwareqca8386qca6391ipq5010qcn9274_firmwarewcn785x-1ipq8173_firmwareqcn9012_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295probotics_rb5_platform_firmwareqcs8550ipq8068_firmwareipq6000_firmwareqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375ipq8078_firmwarewcn685x-5_firmwareqca9889_firmwareipq8070_firmwareqcn5154immersive_home_316_platformwsa8835_firmwareqca2066ssg2115p_firmwarecsr8811qcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn3980wcn685x-1_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwaresxr2230p_firmwaresg8275p_firmwareipq8173_firmwareqca6431_firmwareflight_rb5_5g_platform_firmwareqcn6224_firmwareqca4024_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwareipq5028_firmwareqca6595au_firmwareqca2064_firmwareqcn5152_firmwareqca0000_firmwareqca6584au_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareimmersive_home_316_platform_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareqsm8350_firmwareqcn5124_firmwareqam8295p_firmwareqcn6100_firmwareqcn6102_firmwareqcn9011_firmwareqca8082_firmwaresm7315_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwarewsa8845h_firmwareqca6436_firmwareqca6564au_firmwaresnapdragon_auto_5g_modem-rf_firmwareipq8070_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareipq8078a_firmwareqca6678aq_firmwareqrb5165m_firmwarewsa8840_firmwareqcf8001_firmwareqcs8550_firmwareqcn6112_firmwarefastconnect_6700_firmwarewsa8810_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwareqca6698aq_firmwaresdx65m_firmwareipq8071a_firmwareqca9888_firmwareqca8085_firmwareqam8775p_firmwareipq8068_firmwareqca2066_firmwareqca6696_firmwareqca2065_firmwareqcs6490_firmwaresxr2130_firmwareipq9008_firmwareqcn5154_firmwareqcc710_firmwareqcn9100_firmwarewsa8830_firmwareqca9992_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwaresa8295p_firmwareimmersive_home_216_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca9985_firmwarerobotics_rb5_platform_firmwareqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqca9980_firmwareipq8076a_firmwarear9380_firmwareqcn9001_firmwareqcs7230_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwaresxr1230p_firmwarecsr8811_firmwareipq9554_firmwareqcn5054_firmwareqca8075_firmwaressg2125p_firmwareqcn6132_firmwareqcn9003_firmwareqca8072_firmwareqca9994_firmwareqcn5052_firmwareqcn9012_firmwareqcc2076_firmwareipq8070a_firmwareqcn9274_firmwareqfw7114_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwarewcd9340_firmwaresm7325p_firmwarepmp8074_firmwarewsa8845_firmwaresnapdragon_xr2_5g_platform_firmwareqca9986_firmwareqca6426_firmwareqca6574a_firmwareipq9574_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareimmersive_home_3210_platform_firmwareipq8064_firmwareqca6421_firmwareqca2062_firmwarewcn6740_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwareqcm6490_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8832_firmwarefastconnect_6900_firmwareipq6028_firmwareipq8072a_firmwareqca6797aq_firmwareqca9889_firmwareqcn9024_firmwareipq8174_firmwareqcs8250_firmwarefastconnect_7800_firmwareipq5332_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqcn9013_firmwareqca9886_firmwareqam8650p_firmwareipq6010_firmwareqca6595_firmwareqca6391_firmwareimmersive_home_214_platform_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresd888_firmwareqcn9022_firmwareqcn5021_firmwarewcd9390_firmwareqca9990_firmwareqcn9002_firmwareqcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwareqfw7124_firmwarear8035_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-32636
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.78% / 51.82%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 19:19
Updated-13 Feb, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

Action-Not Available
Vendor-glibThe GNOME Project
Product-glibglib
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-6578
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.57% / 72.58%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 19:54
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3_firmwaresinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2_firmwaresinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4_firmwaresinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4_firmwaresinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3_firmwaresinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2_firmwareSINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6667
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 59.36%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 21:51
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6477
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-4.02% / 89.44%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 16:11
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TCP-pipelined queries can bypass tcp-clients limit

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).

Action-Not Available
Vendor-Fedora ProjectInternet Systems Consortium, Inc.
Product-bindfedoraBIND9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6661
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 60.27%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 20:35
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_access_policy_managerBIG-IP APM
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-31006
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.89% / 55.40%
||
7 Day CHG~0.00%
Published-03 Feb, 2024 | 01:05
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Container denial of service

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-25293
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-1.36% / 68.61%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 20:11
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.

Action-Not Available
Vendor-omniauthoneloginSAML-Toolkits
Product-omniauth_samlruby-samlruby-saml
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-24713
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-14.46% / 96.23%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 19:00
Updated-23 Apr, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression denial of service in Rust's regex crate

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.

Action-Not Available
Vendor-rust-langrust-langFedora ProjectDebian GNU/Linux
Product-regexdebian_linuxfedoraregex
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2025-53114
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.66%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 16:25
Updated-18 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CometD has acknowledgement extension out of memory

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged message queue to grow indefinitely, eventually causing an `OutOfMemoryError`. Versions 5.0.23, 6.0.19, 7.0.19, and 8.0.9 patch the issue. As a workaround, disable the acknowledgement extension.

Action-Not Available
Vendor-cometd
Product-cometd
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-7620
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7.5||HIGH
EPSS-2.08% / 79.41%
||
7 Day CHG+0.55%
Published-30 Oct, 2019 | 13:38
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.

Action-Not Available
Vendor-Elasticsearch BV
Product-logstashLogstash
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6535
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-4.27% / 89.99%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 19:00
Updated-26 Jun, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mitsubishi Electric MELSEC-Q Series PLCs Resource Exhaustion

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-q03udecpuq04udvcpuq100udehcpu_firmwareq13udpvcpu_firmwareq06udvcpuq06udvcpu_firmwareq06udpvcpu_firmwareq06udehcpu_firmwareq20udehcpu_firmwareq50udehcpu_firmwareq50udehcpuq04udehcpuq26udvcpuq13udvcpuq06udpvcpuq26udvcpu_firmwareq04udpvcpu_firmwareq03udvcpu_firmwareq13udehcpu_firmwareq100udehcpuq26udpvcpuq03udecpu_firmwareq10udehcpu_firmwareq20udehcpuq26udehcpuq10udehcpuq04udvcpu_firmwareq04udpvcpuq06udehcpuq03udvcpuq13udvcpu_firmwareq26udpvcpu_firmwareq26udehcpu_firmwareq04udehcpu_firmwareq13udpvcpuq13udehcpuQ04/06/13/26UDPVCPUQ03/04/06/13/26UDVCPUQ03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-52494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 25.24%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 00:00
Updated-08 Sep, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing slot. However, there is no specific timeout set for this phase, and the server uses the default socket timeout, which is effectively infinite. An attacker can exploit this by sending a malformed TLS ClientHello message with incorrect length values. This causes the server to wait indefinitely for data that never arrives, blocking the worker thread (Line) handling the connection. By opening multiple such connections, up to the server's maximum limit, the attacker can exhaust all available working threads, preventing the server from handling new, legitimate requests.

Action-Not Available
Vendor-adacoren/a
Product-ada_web_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-6683
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 59.36%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 17:01
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP Virtual Edition
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-53050
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.38%
||
7 Day CHG+0.01%
Published-21 Oct, 2025 | 20:02
Updated-23 Oct, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PeopleTools
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-3163
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-1.37% / 68.78%
||
7 Day CHG~0.00%
Published-08 Jun, 2023 | 13:31
Updated-02 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
y_project RuoYi filterKeyword resource consumption

A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Ruoyi
Product-ruoyiRuoYi
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-6660
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 60.27%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 20:31
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-52288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.23%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 00:00
Updated-09 Oct, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS thru 2.7.5 allowing attackers to cause a denial of service or other unspecified impacts via repeated UE connect and disconnect message sequences.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-32067
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.73%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 22:49
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
0-byte UDP payload DoS in c-ares

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.

Action-Not Available
Vendor-c-ares_projectc-aresc-aresDebian GNU/LinuxFedora Project
Product-debian_linuxc-aresfedorac-aresfedoradebian_linuxc-ares
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-31418
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.61%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 17:36
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elasticsearch uncontrolled resource consumption

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

Action-Not Available
Vendor-Elasticsearch BV
Product-elastic_cloud_enterpriseelasticsearchElasticsearch
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-31409
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-5.3||MEDIUM
EPSS-1.12% / 62.46%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 10:55
Updated-01 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

Action-Not Available
Vendor-SICK AG
Product-ftmg-esd25axx_firmwareftmg-esr40sxx_firmwareftmg-esr50sxxftmg-esd15axx_firmwareftmg-esd20axx_firmwareftmg-esn50sxxftmg-esr40sxxftmg-esd25axxftmg-esr50sxx_firmwareftmg-esn50sxx_firmwareftmg-esn40sxx_firmwareftmg-esd20axxftmg-esn40sxxftmg-esd15axxSICK FTMG-ESD15AXX AIR FLOW SENSORSICK FTMG-ESR50SXX AIR FLOW SENSORSICK FTMG-ESR40SXX AIR FLOW SENSORSICK FTMG-ESN40SXX AIR FLOW SENSORSICK FTMG-ESD25AXX AIR FLOW SENSORSICK FTMG-ESD20AXX AIR FLOW SENSORSICK FTMG-ESN50SXX AIR FLOW SENSOR
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-30311
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.86%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 19:09
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-n/amagic
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-30570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 64.04%
||
7 Day CHG~0.00%
Published-28 May, 2023 | 00:00
Updated-14 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.

Action-Not Available
Vendor-libreswann/a
Product-libreswann/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-53012
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.82% / 53.11%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 18:00
Updated-06 Nov, 2025 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MaterialX's Lack of Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsing file imports, recursion is used to process nested files; however, there is no limit imposed to the depth of files that can be parsed by the library. By building a sufficiently deep chain of MaterialX files one referencing the next, it is possible to crash the process using the MaterialX library via stack exhaustion. This is fixed in version 1.39.3.

Action-Not Available
Vendor-AcademySoftwareFoundationThe Linux Foundation
Product-materialxMaterialX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-5419
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-8.67% / 94.53%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 13:43
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxRuby on RailsopenSUSERed Hat, Inc.
Product-debian_linuxsoftware_collectionsfedoracloudformsrailsleaphttps://github.com/rails/rails
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-6015
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.61% / 73.20%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 17:55
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities.

Action-Not Available
Vendor-fonFON Wireless Limited
Product-fon2601e-fsw-b_firmwarefon2601e-se_firmwarefon2601e-sefon2601e-refon2601e-fsw-s_firmwarefon2601e-fsw-bfon2601e-fsw-sfon2601e-re_firmwareFON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-5685
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.48% / 87.79%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 18:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xnio: stackoverflowexception when the chain of notifier states becomes problematically big

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7Red Hat JBoss Fuse Service Works 6Red Hat Integration Camel K 1Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apache Camel 4.4.0 for Spring BootRed Hat JBoss Enterprise Application Platform 7Red Hat Process Automation 7Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat Build of KeycloakRed Hat JBoss Data Grid 7Red Hat JBoss Enterprise Application Platform 8Red Hat build of Apache Camel for Spring Boot 3
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-5149
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.76% / 75.48%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 21:59
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14).

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc100pfc200_firmwarepfc100_firmwareWAGO PFC100 FirmwareWAGO PFC200 Firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-30635
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 57.42%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver.

Action-Not Available
Vendor-tikvn/a
Product-tikvn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-54365
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.57% / 43.22%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 12:12
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability.

Action-Not Available
Vendor-traefikTraefikRed Hat, Inc.Go
Product-traefikopenshift_aigoTraefikRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Dev Spaces
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-28626
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.12% / 62.53%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 20:14
Updated-18 Feb, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic runtime when parsing Markdown in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047`

Action-Not Available
Vendor-comrak_projectkivikakk
Product-comrakcomrak
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-51741
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 22.90%
||
7 Day CHG+0.01%
Published-25 Nov, 2025 | 00:00
Updated-05 Jul, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the downstream users.

Action-Not Available
Vendor-interviewxn/a
Product-echon/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-29013
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.08% / 61.51%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 18:15
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP header parsing could cause a deny of service

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.

Action-Not Available
Vendor-traefiktraefik
Product-traefiktraefik
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-5739
Matching Score-4
Assigner-Node.js
ShareView Details
Matching Score-4
Assigner-Node.js
CVSS Score-7.5||HIGH
EPSS-5.05% / 91.35%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 16:27
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

Action-Not Available
Vendor-openSUSENode.js (OpenJS Foundation)
Product-node.jsleapNode.js
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-28356
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.71%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-27 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive.

Action-Not Available
Vendor-rocket.chatn/a
Product-rocket.chatRocket.Chat
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2016-8610
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-39.66% / 98.46%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Action-Not Available
Vendor-Palo Alto Networks, Inc.Fujitsu LimitedOracle CorporationOpenSSLRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-m10-1_firmwaresnapdriveservice_processorenterprise_linux_server_tusstoragegrid_webscaleretail_predictive_application_serverm12-2ssnapcenter_serveroncommand_unified_managerm10-1data_ontapweblogic_serveradaptive_access_manageroncommand_workflow_automationenterprise_linux_serverenterprise_linux_workstationjd_edwards_enterpriseone_toolspan-osm10-4opensslcommunications_analyticsjboss_enterprise_application_platformtimesten_in-memory_databasedebian_linuxenterprise_manager_ops_centerdata_ontap_edgeapplication_testing_suiteenterprise_linux_desktopm12-2s_firmwarem12-2m10-4s_firmwareenterprise_linux_server_eusoncommand_balancem10-4senterprise_linux_server_ausm12-2_firmwaregoldengate_application_adaptersclustered_data_ontap_antivirus_connectorstoragegridcommunications_ip_service_activatorm12-1_firmwarem10-4_firmwareontap_select_deploypeoplesoft_enterprise_peopletoolsclustered_data_ontaphost_agentcn1610_firmwarecore_rdbmsm12-1cn1610smi-s_providere-series_santricity_os_controllerenterprise_linuxOpenSSL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-49763
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.63% / 46.27%
||
7 Day CHG~0.00%
Published-19 Jun, 2025 | 10:07
Updated-01 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-28882
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 50.16%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 00:00
Updated-03 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.

Action-Not Available
Vendor-owaspn/a
Product-modsecurityn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-28644
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.62% / 45.90%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 18:36
Updated-11 Feb, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serversecurity-advisories
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 27
  • 28
  • Next
Details not found