Filtered by CWE-770
Total 1346 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-32873 1 Djangoproject 1 Django 2025-06-17 5.3 Medium
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
CVE-2025-29957 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-06-17 6.2 Medium
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
CVE-2025-29954 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-06-17 5.9 Medium
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2025-26677 1 Microsoft 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more 2025-06-17 7.5 High
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
CVE-2025-32049 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-06-17 7.5 High
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2024-21634 2 Amazon, Redhat 2 Ion, Jboss Enterprise Application Platform 2025-06-16 7.5 High
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.
CVE-2025-4432 1 Redhat 5 Enterprise Linux, Openshift, Satellite and 2 more 2025-06-16 5.3 Medium
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.
CVE-2024-43567 1 Microsoft 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more 2025-06-16 7.5 High
Windows Hyper-V Denial of Service Vulnerability
CVE-2023-47717 1 Ibm 1 Security Guardium 2025-06-13 4.4 Medium
IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.
CVE-2025-49140 2025-06-12 7.5 High
Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor. Users should upgrade to v0.1.39 or later, which validates that: `padLen > 0 && padLen <= payloadLength` and return error on overflow, avoiding panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload.
CVE-2025-48053 2025-06-12 N/A
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available.
CVE-2025-1478 1 Gitlab 1 Gitlab 2025-06-12 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.
CVE-2025-1516 1 Gitlab 1 Gitlab 2025-06-12 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.
CVE-2025-5996 1 Gitlab 1 Gitlab 2025-06-12 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.
CVE-2021-42142 1 Contiki-ng 1 Tinydtls 2025-06-11 8.2 High
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.
CVE-2025-3050 1 Ibm 1 Db2 2025-06-09 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.
CVE-2021-33910 5 Debian, Fedoraproject, Netapp and 2 more 8 Debian Linux, Fedora, Hci Management Node and 5 more 2025-06-09 5.5 Medium
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
CVE-2018-16864 5 Canonical, Debian, Oracle and 2 more 16 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 13 more 2025-06-09 7.8 High
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
CVE-2018-16865 5 Canonical, Debian, Oracle and 2 more 16 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 13 more 2025-06-09 7.8 High
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
CVE-2020-11080 7 Debian, Fedoraproject, Nghttp2 and 4 more 16 Debian Linux, Fedora, Nghttp2 and 13 more 2025-06-09 3.7 Low
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.