Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-49232

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.7 views

Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks

Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...

8.3CVSS5.5AI score0.00251EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/20 4:30 p.m.5 views

GHSA-8W7M-W749-RX98 Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks

Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...

8.3CVSS5.6AI score0.00251EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/15 11:53 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ACME TLS certificates' automatic generation. An attacker can exhaust system resources by opening multiple connections, sending minimal ClientHello messages with acme-tls/1, an...

8.2CVSS6.6AI score0.00321EPSS
Exploits0References2
OSV
OSV
added 2026/01/08 8:12 p.m.1 views

GHSA-527X-5WRF-22M2 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

Multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is simila...

8.7CVSS7AI score0.00412EPSS
Exploits0References5
OSV
OSV
added 2026/01/08 4:15 p.m.6 views

AZL-74025 CVE-2025-68151 affecting package coredns for versions less than 1.11.1-25

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS5.8AI score0.00412EPSS
Exploits0References1
Talos
Talos
added 2025/10/07 12:0 a.m.5 views

OpenPLC OpenPLC_v3 ModbusTCP server denial of service vulnerability

Talos Vulnerability Report TALOS-2025-2223 OpenPLC OpenPLCv3 ModbusTCP server denial of service vulnerability October 7, 2025 CVE Number CVE-2025-53476 SUMMARY A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A...

5.3CVSS6.6AI score0.00344EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.4 views

PT-2024-38542 · Phoenix Contact · Phoenix Contact Fl Mguard

Name of the Vulnerable Software and Affected Versions: Phoenix Contact FL MGUARD versions affected versions not specified Description: An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the...

5.3CVSS7.2AI score0.00481EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/30 12:0 a.m.2 views

PT-2023-31949 · Ehttp · Ehttp

Name of the Vulnerable Software and Affected Versions: ehttp version 1.0.6 before 17405b9 Description: The issue is related to a use-after-free in the epoll socket.cpp read func. An attacker can trigger this by making many connections over a short time. Recommendations: For ehttp version 1.0.6...

7.5CVSS7.1AI score0.0074EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.4 views

SUSE CVE-2007-3948

connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service failed assertion via a large number of connection attempts...

4.3CVSS6.8AI score0.02915EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.4 views

SUSE CVE-2008-1996

licq before 1.3.6 allows remote attackers to cause a denial of service file-descriptor exhaustion and application crash via a large number of connections...

5CVSS6.8AI score0.11177EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.4 views

SUSE CVE-2011-4609

The svcrun function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service CPU consumption via a large number of RPC connections...

5CVSS8.6AI score0.01834EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.4 views

SUSE CVE-2019-15784

Secure Reliable Transport SRT through 1.3.4 has a CSndUList array overflow if there are many SRT connections...

9.8CVSS7.3AI score0.01973EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-8663

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections...

7.5CVSS7.9AI score0.01475EPSS
Exploits0References10
OSV
OSV
added 2021/06/08 8:15 p.m.3 views

CVE-2021-31340

A vulnerability has been identified in SIMATIC RF166C All versions V1.1 and V1.1 and V1.1 and V1.1 and V1.1 and V1.1 and V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V3.0 V4.0. Affected devices do not properly handle large numbers of incoming connections. A...

7.5CVSS5.7AI score0.00988EPSS
Exploits0References1
Veracode
Veracode
added 2020/09/02 6:50 a.m.27 views

Authentication Bypass

dweeves/magmi is susceptible to authentication bypass. It is possible because it uses a default login magmi:magmi basic authentication when a database connection failure is introduced by a malicious user by sending 151 simultaneous requests to the Magento website, leading to a "Too many...

9.8CVSS2.4AI score0.23897EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/09/01 9:15 p.m.23 views

CVE-2020-5777

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting maxconnections default 151 is lower than Apache or...

9.8CVSS9.6AI score0.23897EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/01 8:34 p.m.25 views

CVE-2020-5777

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting maxconnections default 151 is lower than Apache or...

9.6AI score0.23897EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/07 8:2 p.m.7 views

envoy: Resource exhaustion when accepting too many connections

A flaw was found in envoy in versions through 1.14.1. Accepting too many connections may lead to an exhaustion of file descriptors and/or memory. The highest threat from this vulnerability is to system availability...

7.5CVSS7.1AI score0.01475EPSS
Exploits0References5
OSV
OSV
added 2019/08/29 1:15 p.m.2 views

DEBIAN-CVE-2019-15784

Secure Reliable Transport SRT through 1.3.4 has a CSndUList array overflow if there are many SRT connections...

9.8CVSS8.5AI score0.01973EPSS
Exploits0References1
Rows per page
Query Builder