| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device. |
| The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code. |
| A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. |
| An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service. |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document. |
| GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. |
| The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. |
| Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions. |
| Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS). |
| An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. |
| An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. |
| The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
|
| A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue. |
| Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system. |
| A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. |
| The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources. |
| A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. |
| AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; |
