Skip to main content

CWE-771

Missing Reference to Active Allocated Resource

6 CVEs Avg CVSS 6.8 MITRE
0
CRITICAL
4
HIGH
2
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-3039 HIGH PATCH This Week

Denial of service in ISC BIND 9 DNS servers configured with TKEY GSS-API authentication allows remote unauthenticated attackers to trigger excessive memory consumption by sending maliciously crafted packets. The flaw primarily impacts Active Directory-integrated DNS and Kerberos-secured DNS deployments, where service exhaustion can disrupt authentication, name resolution, and dependent enterprise services. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the CVSS 7.5 score and network-reachable, unauthenticated nature warrant timely patching.

Information Disclosure Bind 9
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20004 HIGH This Week

Memory exhaustion in Cisco IOS XE and Apple devices via improper TLS resource handling allows adjacent attackers to trigger denial of service by repeatedly initiating failed authentication or manipulating TLS connections. An unauthenticated attacker can exploit this by resetting TLS sessions or abusing EAP authentication mechanisms to deplete device memory without requiring network access from the internet. Successful exploitation renders affected devices unresponsive, with no patch currently available.

Cisco Denial Of Service Apple
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-21090 MEDIUM This Month

Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel
NVD
CVSS 4.0
4.1
EPSS
0.0%
CVE-2024-56343 MEDIUM This Month

IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.

Denial Of Service IBM Verify Identity Access Digital Credentials
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-20244 HIGH This Week

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2021-34720 HIGH This Week

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.3%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ISC BIND 9 DNS servers configured with TKEY GSS-API authentication allows remote unauthenticated attackers to trigger excessive memory consumption by sending maliciously crafted packets. The flaw primarily impacts Active Directory-integrated DNS and Kerberos-secured DNS deployments, where service exhaustion can disrupt authentication, name resolution, and dependent enterprise services. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the CVSS 7.5 score and network-reachable, unauthenticated nature warrant timely patching.

Information Disclosure Bind 9
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Memory exhaustion in Cisco IOS XE and Apple devices via improper TLS resource handling allows adjacent attackers to trigger denial of service by repeatedly initiating failed authentication or manipulating TLS connections. An unauthenticated attacker can exploit this by resetting TLS sessions or abusing EAP authentication mechanisms to deplete device memory without requiring network access from the internet. Successful exploitation renders affected devices unresponsive, with no patch currently available.

Cisco Denial Of Service Apple
NVD VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.

Denial Of Service IBM Verify Identity Access Digital Credentials
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy