Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,098)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-21386 1Microsoft 2Asp.net Core Visual Studio 2022 Nov 21, 2024 Feb 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 .NET Denial of Service Vulnerability
CVE-2024-21342 1Microsoft 3Windows 11 22h2 Windows 11 23h2Windows Server 2022 23h2 Nov 21, 2024 Feb 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows DNS Client Denial of Service Vulnerability
CVE-2024-24781 1Hima 13F Com 01 Firmware F Cpu 01 FirmwareF30 03x Yy (com) Firmware+10 more Nov 21, 2024 Feb 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port.
CVE-2024-1309 1Honeywell 1Niagara Framework Nov 22, 2024 Feb 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.
CVE-2024-25112 1Exiv2 1Exiv2 Nov 21, 2024 Feb 12, 2024 N/A· v4 5.0 MEDIUM· v3 N/A· v2 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to...Show more Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-6681 3Fedoraproject LatchsetRedhat 6Enterprise Linux Enterprise Linux For Arm 64Enterprise Linux For Ibm Z Systems+3 more Nov 21, 2024 Feb 12, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result...Show more A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.Show less
CVE-2023-41707 1Open Xchange 1Open Xchange Appsuite Nov 4, 2025 Feb 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail...Show more Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.Show less
CVE-2023-41706 1Open Xchange 1Open Xchange Appsuite Nov 4, 2025 Feb 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please...Show more Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known.Show less
CVE-2023-41705 1Open Xchange 1Open Xchange Appsuite Nov 4, 2025 Feb 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV u...Show more Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.Show less
CVE-2024-25718 1Dropbox 1Samly Nov 21, 2024 Feb 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it,...Show more In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.Show less
CVE-2024-23323 1Envoyproxy 1Envoy Nov 21, 2024 Feb 9, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such match...Show more Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2024-1402 1Mattermost 1Mattermost Server Nov 21, 2024 Feb 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent cus...Show more Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrive the aforementioned post. Show less
CVE-2024-25452 1Axiosys 1Bento4 Nov 21, 2024 Feb 9, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.
CVE-2024-25451 1Axiosys 1Bento4 Jun 12, 2025 Feb 9, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.
CVE-2024-0842 1Softaculous 1Backuply Apr 8, 2026 Feb 9, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/restore_ins.php file and...Show more The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.Show less
CVE-2024-22332 1Ibm 1Integration Bus Nov 21, 2024 Feb 9, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.
CVE-2023-32341 1Ibm 1Sterling B2b Integrator Nov 21, 2024 Feb 9, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.
CVE-2024-24575 1Libgit2 1Libgit2 Nov 21, 2024 Feb 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single...Show more libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.Show less
CVE-2024-24943 1Jetbrains 1Toolbox Nov 21, 2024 Feb 6, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
CVE-2023-22819 1Westerndigital 12My Cloud Dl2100 Firmware My Cloud Dl4100 FirmwareMy Cloud Ex2100 Firmware+9 more Nov 21, 2024 Feb 5, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was...Show more An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.Show less

Previous 1...636465...155 Next