Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,105)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-22874 1Ibm 1Mq Appliance Nov 21, 2024 May 5, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.
CVE-2023-24594 1F5 20Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+17 more Nov 21, 2024 May 3, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (Eo...Show more When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2023-28882 1Owasp 1Modsecurity Jul 3, 2025 Apr 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
CVE-2023-30408 1Jerryscript 1Jerryscript Feb 5, 2025 Apr 24, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry.
CVE-2023-30406 1Jerryscript 1Jerryscript Feb 5, 2025 Apr 24, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.
CVE-2023-29479 1Ribose 1Rnp Nov 21, 2025 Apr 24, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Ribose RNP before 0.16.3 may hang when the input is malformed.
CVE-2023-30798 1Encode 1Starlette Nov 21, 2024 Apr 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage...Show more There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.Show less
CVE-2023-27652 1Egostudiogroup 1Super Clean Feb 5, 2025 Apr 20, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file.
CVE-2022-24109 1Opennetworking 1Onos Feb 5, 2025 Apr 20, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow r...Show more An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.Show less
CVE-2022-24035 1Opennetworking 1Onos Feb 5, 2025 Apr 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failu...Show more An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.Show less
CVE-2023-0384 1M Files 1M Files Server Feb 23, 2026 Apr 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.
CVE-2023-0383 1M Files 1M Files Server Feb 23, 2026 Apr 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.
CVE-2023-21090 1Google 1Android Feb 5, 2025 Apr 19, 2023 N/A· v4 5.0 MEDIUM· v3 N/A· v2 In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is...Show more In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259942609Show less
CVE-2023-28440 1Discourse 1Discourse Nov 21, 2024 Apr 18, 2023 N/A· v4 2.7 LOW· v3 N/A· v2 Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the great...Show more Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-26048 1Eclipse 1Jetty Nov 21, 2024 Apr 18, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getP...Show more Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).Show less
CVE-2023-21996 1Oracle 1Weblogic Server Nov 21, 2024 Apr 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabilit...Show more Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2023-21964 1Oracle 1Weblogic Server Nov 21, 2024 Apr 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows...Show more Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2023-21925 1Oracle 1Health Sciences Inform Nov 21, 2024 Apr 18, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vu...Show more Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).Show less
CVE-2023-30769 1Dogecoin 1Dogecoin Nov 21, 2024 Apr 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getad...Show more Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes.Show less
CVE-2022-40946 1Dlink 1Dir 819 Firmware Feb 6, 2025 Apr 16, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.

Previous 1...808182...156 Next