Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,106)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-40946 1Dlink 1Dir 819 Firmware Feb 6, 2025 Apr 16, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.
CVE-2021-39295 1Openbmc Project 1Openbmc Feb 6, 2025 Apr 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.
CVE-2023-29013 1Traefik 1Traefik Feb 13, 2025 Apr 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could al...Show more Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.Show less
CVE-2023-27643 1Powerampapp 1Poweramp Feb 10, 2025 Apr 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library
CVE-2023-30635 1Tikv 1Tikv Feb 7, 2025 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver.
CVE-2023-20863 1Vmware 1Spring Framework Feb 7, 2025 Apr 13, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVE-2023-1994 3Debian FedoraprojectWireshark 3Debian Linux FedoraWireshark Nov 3, 2025 Apr 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
CVE-2023-24545 1Arista 1Cloudeos Nov 21, 2024 Apr 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buf...Show more On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.Show less
CVE-2023-1992 3Debian FedoraprojectWireshark 3Debian Linux FedoraWireshark Nov 3, 2025 Apr 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
CVE-2023-28217 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Apr 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2023-24860 1Microsoft 1Malware Protection Engine Feb 28, 2025 Apr 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Defender Denial of Service Vulnerability
CVE-2023-29185 1Sap 1Netweaver As Abap Business Server Pages Nov 21, 2024 Apr 11, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain...Show more SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction. Show less
CVE-2023-28763 1Sap 1Netweaver Application Server Abap Nov 21, 2024 Apr 11, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can...Show more SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction. Show less
CVE-2023-27191 1Dualspace 1Super Security Feb 11, 2025 Apr 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files.
CVE-2023-24534 1Golang 1Go Feb 12, 2025 Apr 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to...Show more HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.Show less
CVE-2023-1787 1Gitlab 1Gitlab Feb 10, 2025 Apr 5, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in...Show more An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.Show less
CVE-2023-1071 1Gitlab 1Gitlab Feb 10, 2025 Apr 5, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it...Show more An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.Show less
CVE-2023-1733 1Gitlab 1Gitlab Feb 10, 2025 Apr 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.
CVE-2023-28342 1Zohocorp 1Manageengine Adselfservice Plus Feb 13, 2025 Apr 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
CVE-2023-20051 1Cisco 1Packet Data Network Gateway Nov 21, 2024 Apr 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vul...Show more A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).Show less

Previous 1...818283...156 Next