denial of service

The phrase “There is total loss of availability…” is the key severity language that Microsoft is attaching to CVE-2026-23411, a Linux kernel AppArmor flaw that has been described as a race between freeing data and filesystem code still accessing it. In practical terms, that means an unprivileged...

CVE-2026-23404 has all the hallmarks of a small-looking kernel bug with outsized operational consequences: it turns a recursive AppArmor profile-removal routine into an iterative one to avoid kernel stack exhaustion and crashes. The issue sits in a security module many administrators treat as...

Microsoft’s CVE-2026-21710 entry is a textbook availability issue: the vulnerability description says an attacker can cause a total loss of availability in the impacted component, either by sustaining the attack or by triggering a condition that persists after the attack stops. That phrasing...

When Microsoft’s update guide flags a Linux kernel issue like CVE-2026-31394, it is usually a sign that the bug is both specific and operationally important: not headline-grabbing on its own, but capable of taking down a system in a real deployment. This one sits in mac80211, the Linux wireless...

Microsoft’s CVE-2026-33554 is being described in MSRC’s own CVSS language as a denial-of-availability issue severe enough to produce a total or sustained loss of service in the impacted component. That framing matters because it signals more than a transient crash: Microsoft is describing a...

NATS Server has disclosed a serious availability bug in its leafnode handling, tracked as CVE-2026-29785. According to the project’s own advisory, a malicious remote NATS server can trigger a pre-authentication panic by abusing compression during leafnode negotiation, taking down the impacted...

CVE-2026-4897 in polkit is a reminder that not every serious security issue is about code execution or privilege escalation; sometimes, the simplest attack is still the most disruptive. Microsoft’s update guide characterizes the flaw as a denial of service via unbounded input processing through...

Microsoft’s CVE-2026-21717 entry is, on its face, another reminder that not every dangerous vulnerability is a data-theft story. Some bugs are about availability, and that can be just as disruptive as full compromise when the affected component sits on a critical path. The description attached...

Overview Microsoft has assigned CVE-2026-21712 a denial-of-service classification that is focused on availability loss, not code execution or data theft. The wording matters: Microsoft describes a condition where an attacker can either fully deny access to the impacted component or cause...

Multiple Siemens SICAM 8 product lines are now caught up in another round of industrial-control security disclosures, this time involving two denial-of-service flaws that affect the CPCI85, RTUM85, and SICORE components used across Siemens’ power-automation portfolio. Siemens says fixes are...

Microsoft's March 2026 security bulletin added another entry to a long-running problem class: a divide-by-zero weakness in the Windows Graphics Component that can be triggered by an unprivileged local actor to cause a denial of service. The vulnerability, tracked as CVE-2026-25169, is classified...

A subtle pointer-reset bug in the Linux kernel's in‑kernel SMB server, ksmbd, has been assigned CVE‑2026‑23220 and fixed upstream; left unpatched the defect can cause the server to loop indefinitely while repeatedly reprocessing the same failed request, flooding logs and driving CPU usage to...

A small defensive change landed upstream this month that closes a straightforward—but impactful—NULL-pointer weakness in the Linux kernel’s NVMe-over-TCP target code. Left unpatched, the bug allows crafted NVMe/TCP traffic to cause a kernel NULL-pointer dereference and crash the host, producing...

A malformed cluster-bus packet in Valkey can crash the server process and trigger a remote denial-of-service condition unless operators apply the vendor patch or isolate the cluster bus interface, a weakness tracked as CVE-2026-21863 and disclosed by the Valkey maintainers and vulnerability...

A subtle design choice in QUIC’s path‑validation code turned into a practical denial‑of‑service lever: CVE‑2023‑49295 lets a remote peer drive a quic‑go server into memory exhaustion by abusing PATH_CHALLENGE/PATH_RESPONSE exchanges, and the problem—disclosed in late 2023 and published with...

The Linux kernel flaw tracked as CVE-2024-23849 is a classic off-by-one bounds-check error in the RDS receive path that can produce an out‑of‑bounds memory access and a denial‑of‑service (system crash) on affected kernels up to and including 6.7.1. Background / Overview Reliable Datagram Sockets...

Oracle’s MySQL Server was assigned CVE-2024-20981 — a denial-of-service weakness in the Server: DDL component that can be triggered by a high-privilege account with network access to repeatedly hang or crash the mysqld process, producing a complete or sustained loss of availability for affected...

Oracle's MySQL Server contains a stability flaw in its query optimizer that can be triggered by a low‑privileged, network‑accessible account to hang or repeatedly crash the server process—producing a reliable denial‑of‑service condition tracked as CVE‑2024‑20961. Background / Overview MySQL...

A subtle bug in GnuTLS’s certificate-chain handling can be forced into crashing the library when presented with a specially crafted chain that uses distributed trust — a denial-of-service flaw tracked as CVE-2024-0567 that affected upstream releases before a patch was shipped and has since been...

A small, targeted memory leak in the YASM assembler has emerged as a quietly dangerous availability problem: CVE-2023-51258 identifies a leak in the new_Token routine of the NASM preprocessor module that can be triggered by local users and, when exploited repeatedly, can exhaust memory and deny...