28 matches found
CVE-2026-49232
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks
Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...
GHSA-8W7M-W749-RX98 Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks
Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ACME TLS certificates' automatic generation. An attacker can exhaust system resources by opening multiple connections, sending minimal ClientHello messages with acme-tls/1, an...
GHSA-527X-5WRF-22M2 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
Multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is simila...
AZL-74025 CVE-2025-68151 affecting package coredns for versions less than 1.11.1-25
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...
OpenPLC OpenPLC_v3 ModbusTCP server denial of service vulnerability
Talos Vulnerability Report TALOS-2025-2223 OpenPLC OpenPLCv3 ModbusTCP server denial of service vulnerability October 7, 2025 CVE Number CVE-2025-53476 SUMMARY A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A...
PT-2024-38542 · Phoenix Contact · Phoenix Contact Fl Mguard
Name of the Vulnerable Software and Affected Versions: Phoenix Contact FL MGUARD versions affected versions not specified Description: An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the...
PT-2023-31949 · Ehttp · Ehttp
Name of the Vulnerable Software and Affected Versions: ehttp version 1.0.6 before 17405b9 Description: The issue is related to a use-after-free in the epoll socket.cpp read func. An attacker can trigger this by making many connections over a short time. Recommendations: For ehttp version 1.0.6...
SUSE CVE-2007-3948
connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service failed assertion via a large number of connection attempts...
SUSE CVE-2008-1996
licq before 1.3.6 allows remote attackers to cause a denial of service file-descriptor exhaustion and application crash via a large number of connections...
SUSE CVE-2011-4609
The svcrun function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service CPU consumption via a large number of RPC connections...
SUSE CVE-2019-15784
Secure Reliable Transport SRT through 1.3.4 has a CSndUList array overflow if there are many SRT connections...
SUSE CVE-2020-8663
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections...
CVE-2021-31340
A vulnerability has been identified in SIMATIC RF166C All versions V1.1 and V1.1 and V1.1 and V1.1 and V1.1 and V1.1 and V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V4.0. Affected devices do not properly handle large numbers of incoming connections. A...
Authentication Bypass
dweeves/magmi is susceptible to authentication bypass. It is possible because it uses a default login magmi:magmi basic authentication when a database connection failure is introduced by a malicious user by sending 151 simultaneous requests to the Magento website, leading to a "Too many...
CVE-2020-5777
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting maxconnections default 151 is lower than Apache or...
CVE-2020-5777
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting maxconnections default 151 is lower than Apache or...
envoy: Resource exhaustion when accepting too many connections
A flaw was found in envoy in versions through 1.14.1. Accepting too many connections may lead to an exhaustion of file descriptors and/or memory. The highest threat from this vulnerability is to system availability...
DEBIAN-CVE-2019-15784
Secure Reliable Transport SRT through 1.3.4 has a CSndUList array overflow if there are many SRT connections...