Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,099)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-26144 1Graphql 1Graphql Nov 21, 2024 Sep 20, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerab...Show more Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven that this vulnerability can crash the process.Show less
CVE-2020-24089 1Iobit 1Malware Fighter Nov 21, 2024 Sep 20, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).
CVE-2022-47556 1Ormazabal 2Ekorccp Firmware Ekorrci Firmware Nov 21, 2024 Sep 19, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to ca...Show more Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device.Show less
CVE-2023-42523 1Withsecure 7Atlant Client SecurityElements Endpoint Protection+4 more Nov 21, 2024 Sep 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSe...Show more Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.Show less
CVE-2023-42522 1Withsecure 7Atlant Client SecurityElements Endpoint Protection+4 more Nov 21, 2024 Sep 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Serve...Show more Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.Show less
CVE-2023-42521 1Withsecure 7Atlant Client SecurityElements Endpoint Protection+4 more Nov 21, 2024 Sep 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 1...Show more Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.Show less
CVE-2023-42526 1Withsecure 7Atlant Client SecurityElements Endpoint Protection+4 more Nov 21, 2024 Sep 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Securi...Show more Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.Show less
CVE-2023-42520 1Withsecure 7Atlant Client SecurityElements Endpoint Protection+4 more Nov 21, 2024 Sep 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 1...Show more Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.Show less
CVE-2023-37263 1Strapi 1Strapi Nov 21, 2024 Sep 15, 2023 N/A· v4 2.7 LOW· v3 N/A· v2 Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows...Show more Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.Show less
CVE-2023-32665 1Gnome 1Glib Nov 21, 2024 Sep 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVE-2023-32636 1Gnome 1Glib Nov 21, 2024 Sep 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very sl...Show more A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.Show less
CVE-2023-32611 1Gnome 1Glib Nov 21, 2024 Sep 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVE-2023-29499 1Gnome 1Glib Nov 21, 2024 Sep 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
CVE-2023-42503 1Apache 1Commons Compress Feb 13, 2025 Sep 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade...Show more Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption. In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values. Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5]. [1]: https://issues.apache.org/jira/browse/COMPRESS-612 [2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 [3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html [4]: https://bugs.openjdk.org/browse/JDK-6560193 [5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.Show less
CVE-2023-26141 1Contribsys 1Sidekiq Nov 21, 2024 Sep 14, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStora...Show more Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.Show less
CVE-2023-38162 1Microsoft 4Windows Server 2012 Windows Server 2016Windows Server 2019+1 more Nov 21, 2024 Sep 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 DHCP Server Service Denial of Service Vulnerability
CVE-2023-38149 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Apr 8, 2025 Sep 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows TCP/IP Denial of Service Vulnerability
CVE-2023-36799 1Microsoft 2.net Visual Studio 2022 Nov 21, 2024 Sep 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2022-4896 1Cbm 1Control De Ciber Nov 21, 2024 Sep 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be...Show more Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core.Show less
CVE-2022-48475 1Cbm 1Control De Ciber Nov 21, 2024 Sep 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to accept or delete the prin...Show more Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to accept or delete the print query created by the request.Show less

Previous 1...727374...155 Next