Denial Of Service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. [CVSS 6.2 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources. [CVSS 6.5 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. [CVSS 6.5 MEDIUM]

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to excessive use of a glo (CVSS 6.5).

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. [CVSS 6.5 MEDIUM]

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query. [CVSS 6.5 MEDIUM]

LobeHub is an open source human-and-AI-agent network. versions up to 1.143.3 contains a vulnerability that allows attackers to a discrepancy between actual resource consumption and billing calculations, caus.

Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 versions up to 2.7 is affected by reachable assertion.

Fast-xml-parser versions 5.0.9 through 5.3.3 crash when processing XML containing out-of-range numeric entity code points, allowing remote attackers to cause denial of service against applications parsing untrusted XML input. Public exploit code exists for this vulnerability. Applications should upgrade to version 5.3.4 or later to remediate.

Denial of service in Free5GC SMF versions up to 4.1.0 allows unauthenticated remote attackers to crash the PFCP UDP endpoint via improper handling of reports in the HandleReports function. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running affected Free5GC deployments should implement network-level mitigations to restrict PFCP endpoint access.

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. [CVSS 7.5 HIGH]

Remote attackers can trigger a denial of service condition in Free5GC SMF versions up to 4.1.0 through crafted PFCP session report requests to the HandlePfcpSessionReportRequest function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected deployments vulnerable to service disruption attacks.

Denial-of-service attacks against tcpflow up to version 1.61 are possible via malformed 802.11 management frames that trigger a stack-based buffer overflow in TIM element parsing. An unauthenticated remote attacker can craft a specially designed wireless frame to cause a one-byte out-of-bounds write, crashing the application or potentially executing arbitrary code. Public exploit code exists, but no patches are currently available for affected Debian Linux systems and other distributions using vulnerable tcpflow versions.

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder.

A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server. [CVSS 7.5 HIGH]

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls. [CVSS 5.3 MEDIUM]

An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.2 MEDIUM]

An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. [CVSS 6.2 MEDIUM]

Oneflow versions up to 0.9.0 contains a vulnerability that allows attackers to cause a Denial of Service (DoS) via a crafted input (CVSS 6.2).

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. [CVSS 7.5 HIGH]

Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. [CVSS 7.5 HIGH]

QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality. [CVSS 6.2 MEDIUM]

Denial of service in Open5GS up to version 2.7.6 allows remote attackers to crash the SGWC service by manipulating the Modify Bearer Request handler in s11-handler.c. Public exploit code exists for this vulnerability and no patch is currently available. Organizations running affected versions should apply updates as they become available and consider network-level mitigations to restrict access to the S11 interface.

Remote denial of service in Open5GS up to version 2.7.5 affects the SGWC component's TEID-to-IP conversion function, allowing unauthenticated attackers to crash the service over the network. Public exploit code exists for this vulnerability, and while a fix has been developed, no official patch is currently available for affected deployments.

TeamViewer DEX Client versions before 26.1 contain an out-of-bounds read in the Content Distribution Service that enables remote attackers to leak stack memory and trigger denial of service without authentication. Successful exploitation could disclose memory contents useful for bypassing address space layout randomization and chaining with other vulnerabilities. No patch is currently available for this medium-severity flaw affecting Windows deployments.

Denial-of-service in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to crash the NomadBranch.exe service by sending specially crafted UDP packets that trigger a heap buffer overflow. The vulnerability stems from an integer underflow in the UDP command handler that can be exploited without authentication or user interaction. Currently, no patch is available and the attack requires network adjacency to the affected system.

bulk_extractor digital forensics tool starting from version 1.4 has a heap buffer overflow in its embedded unrar code that can be triggered by crafted RAR archives.

An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not f...

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive. [CVSS 6.5 MEDIUM]

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. [CVSS 7.5 HIGH]

A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerabilityin the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and resource exhaustion by sending large JSON payloads to the username preference endpoint PUT /u//preferences/username, resulting in degraded performance for other users and endpoints. This issue is pat...

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID. [CVSS 7.5 HIGH]

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index. [CVSS 7.5 HIGH]

NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service. [CVSS 5.5 MEDIUM]

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. [CVSS 7.8 HIGH]

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. [CVSS 7.8 HIGH]

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. [CVSS 7.8 HIGH]

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. [CVSS 7.8 HIGH]

YATinyWinFTP has a denial of service vulnerability allowing remote attackers to crash the FTP service by sending a 272-byte crafted packet.

aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. [CVSS 7.5 HIGH]

Arbitrary file write in OpenProject versions before 16.6.6 and 17.0.2 allows authenticated users with repository browse permissions to inject malicious git command options via a crafted rev parameter, enabling creation or overwriting of arbitrary files with the privileges of the OpenProject process. An attacker can exploit the `/projects/:project_id/repository/diff.diff` endpoint to write git show output to attacker-controlled file paths on the server. No patch is currently available for this high-severity vulnerability affecting the open-source project management platform.

Remote denial of service in Open5GS up to version 2.7.6 affects the SGWC component's bearer response handler, allowing unauthenticated attackers to crash the service over the network. Public exploit code exists for this vulnerability, though a patch (commit b19cf6a) is available to resolve it.

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index. [CVSS 7.5 HIGH]

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. [CVSS 7.5 HIGH]

A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero. [CVSS 6.5 MEDIUM]

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes. [CVSS 7.5 HIGH]

Remote denial of service in Open5GS up to version 2.7.6 allows unauthenticated attackers to crash the SGWC component by manipulating bearer resource failure indication messages. Public exploit code exists for this vulnerability, and a patch is available in commit 69b53add90a9479d7960b822fc60601d659c328b.

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. [CVSS 7.5 HIGH]

vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where inconsistent URL parsing between libraries allows attackers to bypass host restrictions and force the server to make arbitrary requests to internal network resources. Public exploit code exists for this vulnerability, which poses significant risk in containerized environments where a compromised vLLM instance could be leveraged to access restricted internal systems. The vulnerability affects users running vLLM's multimodal features with untrusted input.

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash). [CVSS 3.7 LOW]

GnuPG's gpg-agent fails to properly validate session key sizes in S/MIME messages, allowing remote attackers to trigger a stack buffer overflow via oversized CMS EnvelopedData payloads. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and can be weaponized for denial of service or potentially remote code execution. No patch is currently available.

Suricata versions 8.0.0 through 8.0.2 are susceptible to a stack overflow crash when processing network traffic with improperly configured body size limits. An unauthenticated remote attacker can trigger a denial of service by sending crafted requests that exceed the application's stack capacity. A patch is available in version 8.0.3, or administrators can apply the workaround of using default values for request-body-limit and response-body-limit configurations.

Unauthenticated remote attackers can crash core system services on Tapo C220 and C520WS cameras by sending specially crafted files to the firmware update endpoint, bypassing authentication and integrity checks. This results in a persistent denial of service condition that requires manual device reboot to restore functionality. No patch is currently available for affected firmware versions.

Tapo C220 and C520WS network cameras contain an HTTP parser defect that crashes the device when processing requests with excessively long URL paths, allowing unauthenticated remote attackers to trigger repeated denial of service through device reboots. The vulnerability stems from improper error handling that attempts to access unallocated buffers during cleanup operations. No patch is currently available for affected firmware versions.

Unauthenticated remote denial of service in TP-Link Tapo C220 and C520WS network cameras allows attackers to crash the HTTP service by sending POST requests with malformed Content-Length headers, triggering a null pointer dereference. Repeated attacks can keep the devices offline despite automatic restarts, with no available patch to mitigate the vulnerability. This affects camera availability and requires manual intervention to restore service.

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Kyverno versions up to 1.16.3 is affected by allocation of resources without limits or throttling (CVSS 7.7).

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a denial of service condition where specially crafted DNP3 traffic triggers excessive memory consumption, potentially exhausting system memory and causing the service to crash. An unauthenticated attacker on the network can exploit this by sending malicious DNP3 packets to cause the IDS/IPS engine to become unavailable. A patch is available in the latest versions, and users can mitigate the risk by disabling the DNP3 parser if not required.

Uncontrolled buffer expansion in Suricata's DCERPC parser allows remote attackers to trigger unbounded memory allocation and cause denial of service by sending specially crafted DCERPC traffic. The vulnerability affects versions prior to 8.0.3 and 7.0.14 across DCERPC/UDP, DCERPC/TCP, and SMB protocols, with TCP being partially protected by default stream depth limits. Patches are available, and administrators can mitigate by disabling vulnerable parsers or configuring stream reassembly depth limits.

Ix Ray Engine 1.6 before version 1.3 contains an infinite loop vulnerability that allows remote attackers to cause denial of service without authentication or user interaction. The flaw stems from an unreachable exit condition in a processing loop, enabling attackers to exhaust system resources and render the application unresponsive. No patch is currently available for this high-severity issue.

OpenSSL's PKCS#7 signature verification fails to validate ASN1_TYPE union members before access, allowing attackers to trigger null pointer dereference crashes by submitting malformed PKCS#7 data. Applications performing signature verification or using PKCS7_digest_from_attributes() directly are vulnerable to denial of service attacks. A patch is available to address this type confusion vulnerability.

Processing a malformed PKCS#12 file in OpenSSL and related TLS libraries can trigger a null pointer dereference due to improper type validation in ASN.1 parsing, causing applications to crash. This vulnerability requires local user interaction to exploit and results only in denial of service, with no impact on data confidentiality or integrity. A patch is available to address this medium-severity issue.

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. [CVSS 7.5 HIGH]

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. [CVSS 7.5 HIGH]

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. [CVSS 7.4 HIGH]

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. [CVSS 4.7 MEDIUM]

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. [CVSS 5.9 MEDIUM]

A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source address can lead to denial of service.

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. [CVSS 5.5 MEDIUM]

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive [CVSS 5.5 MEDIUM]

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. [CVSS 5.9 MEDIUM]

OpenSSL has a critical out-of-bounds write when parsing CMS AuthEnvelopedData/EnvelopedData with malicious AEAD parameters, enabling potential RCE.

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. [CVSS 6.1 MEDIUM]