Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,099)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4486 1Johnsoncontrols 10F4 Snc Firmware Nae55 FirmwareSnc16120 04 Firmware+7 more Nov 21, 2024 Dec 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4...Show more Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. Show less
CVE-2023-35909 1Ninjaforms 1Ninja Forms Apr 28, 2026 Dec 7, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop For...Show more Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.Show less
CVE-2023-48840 1Phpjabbers 1Appointment Scheduler Nov 21, 2024 Dec 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion.
CVE-2023-48834 1Phpjabbers 1Car Rental Script May 28, 2025 Dec 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion.
CVE-2023-48833 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Dec 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.
CVE-2023-48831 1Phpjabbers 1Availability Booking Calendar Nov 21, 2024 Dec 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.
CVE-2023-6180 1Cloudflare 1Boring Nov 21, 2024 Dec 5, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not...Show more The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection. Show less
CVE-2023-39248 1Dell 1Networking Os10 Nov 21, 2024 Dec 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can...Show more Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. Show less
CVE-2023-49290 1Lestrrat Go 1Jwx Nov 21, 2024 Dec 5, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key...Show more lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource- intensive. Therefore, if an attacker sets the p2c parameter in JWE to a very large number, it can cause a lot of computational consumption, resulting in a denial of service. This vulnerability has been addressed in commit `64f2a229b` which has been included in release version 1.2.27 and 2.0.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-47633 1Traefik 1Traefik Nov 21, 2024 Dec 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integratio...Show more Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-40692 1Ibm 1Db2 Nov 21, 2024 Dec 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.
CVE-2023-5915 1Yokogawa 2Stardom Fcj Firmware Stardom Fcn Firmware Nov 21, 2024 Dec 1, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to t...Show more A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31. Show less
CVE-2023-48951 1Openlinksw 1Virtuoso Jun 5, 2025 Nov 29, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2023-48713 1Knative 1Serving Nov 21, 2024 Nov 28, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metr...Show more Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.Show less
CVE-2023-48369 1Mattermost 1Mattermost Nov 21, 2024 Nov 27, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.
CVE-2023-48268 1Mattermost 1Mattermost Nov 21, 2024 Nov 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by impo...Show more Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb). Show less
CVE-2023-40703 1Mattermost 1Mattermost Nov 21, 2024 Nov 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the fie...Show more Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string. Show less
CVE-2023-6277 2Fedoraproject Libtiff 2Fedora Libtiff Nov 21, 2024 Nov 24, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
CVE-2023-33202 1Bouncycastle 2Bouncy Castle For Java Fips Java Api Aug 18, 2025 Nov 23, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 cert...Show more Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)Show less
CVE-2023-41102 1Opennds 1Opennds Nov 21, 2024 Nov 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption o...Show more An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.Show less

Previous 1...676869...155 Next