Vulnerabilities (CVE)

Filtered by CWE-400
Total 2056 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-33068 2025-06-12 N/A 7.5 HIGH
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-32724 2025-06-12 N/A 7.5 HIGH
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2024-25451 1 Axiosys 1 Bento4 2025-06-12 N/A 6.5 MEDIUM
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.
CVE-2023-44487 32 Akka, Amazon, Apache and 29 more 313 Http Server, Opensearch Data Prepper, Apisix and 310 more 2025-06-11 N/A 7.5 HIGH
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-52098 1 Huawei 2 Emui, Harmonyos 2025-06-11 N/A 7.5 HIGH
Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.
CVE-2025-25193 2 Microsoft, Netty 2 Windows, Netty 2025-06-11 N/A 5.5 MEDIUM
Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix.
CVE-2023-42983 1 Apple 1 Macos 2025-06-09 N/A 6.4 MEDIUM
Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.
CVE-2022-41404 2 Debian, Ini4j Project 2 Debian Linux, Ini4j 2025-06-09 N/A 7.5 HIGH
An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2025-25208 2025-06-09 N/A 5.7 MEDIUM
A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
CVE-2025-25207 2025-06-09 N/A 5.7 MEDIUM
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.
CVE-2025-41360 2025-06-06 N/A N/A
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack.
CVE-2025-41361 2025-06-06 N/A N/A
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.
CVE-2023-34324 2 Linux, Xen 2 Linux Kernel, Xen 2025-06-05 N/A 4.9 MEDIUM
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).
CVE-2024-12601 1 Codepeople 1 Calculated Fields Form 2025-06-05 N/A 5.3 MEDIUM
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.
CVE-2023-48951 1 Openlinksw 1 Virtuoso 2025-06-05 N/A 7.5 HIGH
An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2024-42849 1 Silverpeas 1 Silverpeas 2025-06-05 N/A 6.5 MEDIUM
An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.
CVE-2024-20502 1 Cisco 50 Meraki Mx100, Meraki Mx100 Firmware, Meraki Mx105 and 47 more 2025-06-04 N/A 5.8 MEDIUM
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
CVE-2024-20500 1 Cisco 50 Meraki Mx100, Meraki Mx100 Firmware, Meraki Mx105 and 47 more 2025-06-04 N/A 5.8 MEDIUM
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
CVE-2024-23744 1 Arm 1 Mbed Tls 2025-06-04 N/A 7.5 HIGH
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
CVE-2022-34701 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-06-04 N/A 7.5 HIGH
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability