Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,098)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-0581 1Sandsprite 1Scdbg Nov 21, 2024 Jan 16, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' paramet...Show more An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan.Show less
CVE-2023-52098 1Huawei 2Emui Harmonyos Jun 11, 2025 Jan 16, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.
CVE-2023-52113 1Huawei 2Emui Harmonyos Jun 20, 2025 Jan 16, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 launchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.
CVE-2024-22362 1Drupal 1Drupal Jun 20, 2025 Jan 16, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.
CVE-2024-21655 1Discourse 1Discourse Nov 21, 2024 Jan 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also oft...Show more Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0.beta4.Show less
CVE-2023-48297 1Discourse 1Discourse Nov 21, 2024 Jan 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1....Show more Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. Show less
CVE-2023-34061 1Pivotal 2Cloud Foundry Deployment Cloud Foundry Routing Release Jun 3, 2025 Jan 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availabili...Show more Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment. Show less
CVE-2023-49295 1Quic Go Project 1Quic Go Nov 21, 2024 Jan 10, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to res...Show more quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4.Show less
CVE-2023-42941 1Apple 2Ipados Iphone Os Jun 16, 2025 Jan 10, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packet...Show more The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.Show less
CVE-2024-0348 1Engineers Online Portal Project 1Engineers Online Portal Nov 21, 2024 Jan 9, 2024 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource con...Show more A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116.Show less
CVE-2024-20672 1Microsoft 1.net Mar 28, 2025 Jan 9, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 .NET Denial of Service Vulnerability
CVE-2024-20661 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Dec 31, 2024 Jan 9, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2024-22164 1Splunk 1Enterprise Security Jun 3, 2025 Jan 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size o...Show more In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.Show less
CVE-2024-21651 1Xwiki 1Xwiki Nov 21, 2024 Jan 9, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times header...Show more XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1. Show less
CVE-2023-50121 1Autelrobotics 1Evo Nano Drone Firmware Apr 17, 2025 Jan 6, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).
CVE-2023-34324 2Linux Xen 2Linux Kernel Xen Nov 4, 2025 Jan 5, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an un...Show more Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).Show less
CVE-2024-0241 1Diaconou 1Encodedid\ May 14, 2026 Jan 4, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request...Show more encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.Show less
CVE-2023-42358 1O Ran Sc 1Ric Plt E2mgr Jun 18, 2025 Jan 3, 2024 N/A· v4 7.7 HIGH· v3 N/A· v2 An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.
CVE-2023-49557 1Yasm Project 1Yasm Jun 18, 2025 Jan 3, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
CVE-2023-49555 1Yasm Project 1Yasm Jun 17, 2025 Jan 3, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.

Previous 1...656667...155 Next