CWE-400: Resource Exhaustion
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, leading to exhaustion.
All Resource Exhaustion CVEs (695)
Envoy's HTTP/2 implementation has a memory leak vulnerability when receiving RST_STREAM followed by GOAWAY frames from upstream servers. This allows a...
Jul 13, 2023
This vulnerability in Windows CryptoAPI allows attackers to cause a denial of service (DoS) by sending specially crafted requests that crash the servi...
Jul 11, 2023
This vulnerability affects multiple SIMATIC MV500 series industrial cameras. An unauthenticated remote attacker can send specially crafted Ethernet fr...
Jul 11, 2023
This CVE describes a Denial of Service vulnerability in the draw.io diagramming software. Attackers can cause the application to crash or become unres...
Jun 26, 2023
CVE-2023-33141 is a denial-of-service vulnerability in Microsoft's Yet Another Reverse Proxy (YARP) that allows attackers to cause service disruption ...
Jun 23, 2023
This vulnerability in IBM Security Directory Suite VA 8.0.1 allows attackers to cause denial of service through uncontrolled resource consumption. Att...
Jun 15, 2023
A denial-of-service vulnerability in Rockwell Automation FactoryTalk Transaction Manager allows attackers to crash the application or cause high resou...
Jun 13, 2023
This vulnerability in Spring Boot allows denial-of-service attacks when Spring MVC applications are deployed behind reverse proxy caches. Attackers ca...
May 26, 2023
CVE-2023-32067 is a denial-of-service vulnerability in the c-ares asynchronous DNS resolver library where an attacker can send a forged UDP packet wit...
May 25, 2023
HtmlUnit versions before 2.70.0 contain a stack overflow vulnerability when processing untrusted web content, allowing denial of service attacks. This...
May 25, 2023
This vulnerability in Bitcoin Core allows attackers to cause denial of service through inefficient draining of the inventory-to-send queue, leading to...
May 22, 2023
This vulnerability in libreswan's IKEv1 Aggressive Mode implementation causes the pluto daemon to crash when receiving specially crafted packets. It a...
May 17, 2023
This vulnerability in the OPC UA Legacy Java Stack allows attackers to cause denial-of-service by consuming server resources, making OPC UA servers un...
May 15, 2023
This vulnerability allows attackers to send specially crafted messages containing specific character chains that cause a chat service process to enter...
May 11, 2023
This vulnerability in Trustwave ModSecurity allows attackers to cause a denial of service by triggering a segmentation fault in the Transaction class,...
Apr 28, 2023
This vulnerability in Starlette's MultipartParser allows remote attackers to cause denial of service by sending excessive multipart form data, leading...
Apr 21, 2023
A vulnerability in ONOS 2.5.1's intent framework causes purge-requested intents to remain active but unresponsive to topology changes like link failur...
Apr 20, 2023
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers to cause a denial of service (DoS) by crashing or hanging the server via...
Apr 18, 2023
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via the T3 protocol to cause a denial of service by ...
Apr 18, 2023
This vulnerability allows unauthenticated attackers to cause a denial of service on D-Link DIR-819 routers by sending a specially crafted request to t...
Apr 16, 2023
CVE-2021-39295 is a denial-of-service vulnerability in OpenBMC 2.9 where specially crafted IPMI messages sent to the netipmid interface can crash the ...
Apr 15, 2023
A memory allocation vulnerability in Go's HTTP header parsing affects Traefik reverse proxy. Attackers can send specially crafted HTTP headers to caus...
Apr 14, 2023
A denial-of-service vulnerability in Poweramp music player allows remote attackers to crash the application by triggering specific UI actions. This af...
Apr 14, 2023
This vulnerability in Arista CloudEOS allows attackers to cause denial of service by sending malformed packets that leak packet buffers. If enough mal...
Apr 12, 2023
CVE-2023-24860 is a denial-of-service vulnerability in Microsoft Defender that allows attackers to crash the antimalware service, temporarily disablin...
Apr 11, 2023
This vulnerability in DUALSPACE Super Security v2.3.7 allows attackers to cause denial of service by manipulating SharedPreference files. It affects A...
Apr 11, 2023
This vulnerability in Zoho ManageEngine ADSelfService Plus allows unauthenticated attackers to cause denial-of-service via the Mobile App Authenticati...
Apr 5, 2023
This vulnerability allows attackers to cause denial of service by exploiting uncontrolled resource consumption in Devolutions Gateway's logging featur...
Apr 2, 2023
CVE-2023-21061 is a resource exhaustion vulnerability in the Android kernel that could allow attackers to cause denial of service conditions. This aff...
Mar 24, 2023
This CVE describes a denial-of-service vulnerability in Rack's multipart MIME parsing code. Attackers can craft malicious requests that cause excessiv...
Mar 10, 2023
An unauthenticated attacker can send crafted GET requests to FortiRecorder's login authentication mechanism, causing uncontrolled resource consumption...
Mar 7, 2023
A kernel crash vulnerability in OpenBSD 7.2 occurs when a TCP packet with destination port 0 matches a pf divert-to rule, causing a denial of service....
Mar 3, 2023
CVE-2022-38734 is a Denial of Service vulnerability in NetApp StorageGRID's Local Distribution Router service. Attackers can crash the LDR service by ...
Mar 2, 2023
All versions of the lite-web-server package are vulnerable to Denial of Service (DoS) when attackers send HTTP requests containing control characters ...
Feb 25, 2023
This vulnerability in Qualcomm WLAN firmware allows an attacker to cause a denial-of-service (DoS) condition by exploiting uncontrolled resource consu...
Feb 12, 2023
This CVE describes a denial of service vulnerability in ActiveRecord's PostgreSQL adapter where providing integer values outside the 64-bit signed ran...
Feb 9, 2023
CVE-2022-44571 is a denial of service vulnerability in Rack's Content-Disposition header parser that allows attackers to craft malicious inputs causin...
Feb 9, 2023
This CVE describes a ReDoS (Regular Expression Denial of Service) vulnerability in Ruby on Rails Action Dispatch. Attackers can cause excessive CPU an...
Feb 9, 2023
This CVE describes a ReDoS (Regular Expression Denial of Service) vulnerability in Ruby on Rails Action Dispatch. Attackers can send specially crafted...
Feb 9, 2023
This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in GlobalID versions before 1.0.1. An attacker can cause excessive CPU...
Feb 9, 2023
This vulnerability in OpenTelemetry Go instrumentation allows attackers to cause denial-of-service through memory exhaustion. By sending HTTP requests...
Feb 8, 2023
This vulnerability in Dell Enterprise SONiC OS allows unauthenticated remote attackers to cause denial of service by exploiting an uncontrolled resour...
Feb 2, 2023
This vulnerability affects F5 BIG-IP systems with specific HTTP/2 configurations enabled. When HTTP/2 client-side profile and HTTP MRF Router are both...
Feb 1, 2023
CVE-2022-24294 is a regular expression denial-of-service (ReDoS) vulnerability in Apache MXNet that allows attackers to cause excessive CPU consumptio...
Jul 24, 2022
This vulnerability in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files by exploiting the saveDeepColorAttr service. Attackers can poten...
Jul 20, 2022
CVE-2022-30792 is a denial-of-service vulnerability in CODESYS V3's CmpChannelServer component that allows unauthorized attackers to consume resources...
Jul 11, 2022
CVE-2022-30591 is a denial-of-service vulnerability in quic-go where attackers can cause high CPU consumption by sending incomplete QUIC or HTTP/3 req...
Jul 6, 2022
CVE-2022-26477 is a resource exhaustion vulnerability in Apache SystemDS where an attacker can manipulate serialization data to cause CPU exhaustion t...
Jun 27, 2022
CVE-2022-29864 is a denial-of-service vulnerability in the OPC UA .NET Standard Stack where an attacker can crash servers by sending a large volume of...
Jun 16, 2022
Envoy proxy versions before 1.22.1 have a decompression vulnerability where attackers can send small, highly compressed payloads that expand to consum...
Jun 9, 2022
About Resource Exhaustion (CWE-400)
Our database tracks 695 CVEs classified as CWE-400, with 21 rated critical and 455 rated high severity. The average CVSS score for Resource Exhaustion vulnerabilities is 7.0.