67 matches found
Denial Of Service
Netty is vulnerable to Denial of Service. The vulnerability is due to the lack of a limit on the number of CONTINUATION frames in Netty's DefaultHttp2FrameReader, where an attacker can send a flood of CONTINUATION frames with zero-byte payloads, bypassing existing size-based mitigations and causi...
tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...
Ubuntu: Security Advisory (USN-7970-1)
The remote host is missing an update for the...
CVE-2023-45150
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...
EUVD-2017-5842
Malware in sbrugna...
EUVD-2019-9479
Malware in sbrugna...
EUVD-2025-6998
Malicious code in bioql PyPI...
EUVD-2024-54495
Malicious code in bioql PyPI...
EUVD-2024-54497
Malicious code in bioql PyPI...
BIT-VAULT-2025-6203 Vault unauthenticated denial of service through complex json payload
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...
GHSA-8F82-53H8-2P34 HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...
PT-2025-35133
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.20.3; HashiCorp Vault Enterprise versions 1.19.9, 1.18.14, and 1.16.25. Description: A malicious user can submit a specially crafted payload that results in excessive memory and CPU consumption, potentially...
MongoDB 6.0.x < 6.0.23 / 7.0.x < 7.0.20 / 8.0.x < 8.0.9 Incorrect Handling of Incomplete Data (SERVER-106753)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.23, 7.0 prior to 7.0.20 and 8.0 prior to 8.0.9. It is, therefore, affected by a vulnerability as referenced in the SERVER-106753 advisory. - MongoDB Server's mongos component can become unresponsive to new connections due to...
Denial Of Service (DoS)
Apache Tomcat is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient enforcement of resource limits or throttling mechanisms in Apache Tomcat when handling client requests, which allows an attacker to exhaust system resources by sending excessive or continuous requests,...
CVE-2025-48879
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...
CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...
CVE-2023-30082
A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all...
CVE-2024-47214
CVE-2024-47214 affects Iglu Server 0.13.0 and earlier. The issue, related to CVE-2024-47212 but involving a different malicious payload, can render Iglu Server completely unresponsive. If operation is not restored, event processing in the pipeline would eventually halt. The CVE’s metric indicates...
Denial of Service (DoS)
Overview: bentoml is a BentoML: Build Production-Grade AI Applications. Affected versions of this package are vulnerable to Denial of Service (DoS) via the multipart boundary processing. An attacker can cause the server to allocate excessive resources and become unresponsive by appending characters...
Synchronous Access of Remote Resource without Timeout
Overview: aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout by using the option for connecting to an external filesystem via the sshfs-client. An attacker can cause the...