Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,106)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-20014 1Cisco 1Nexus Dashboard Nov 21, 2024 Mar 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper proces...Show more A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition.Show less
CVE-2022-41724 1Golang 1Go Nov 21, 2024 Feb 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This a...Show more Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).Show less
CVE-2023-23689 1Dell 8A2000 Firmware A200 FirmwareF800 Firmware+5 more Nov 21, 2024 Feb 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host...Show more Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data protection mechanism causing a denial of service. Show less
CVE-2022-20455 1Google 1Android Mar 21, 2025 Feb 28, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User i...Show more In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431Show less
CVE-2023-23524 1Apple 5Ipados Iphone OsMacos+2 more Mar 18, 2025 Feb 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate...Show more A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.Show less
CVE-2023-26104 1Lite Web Server Project 1Lite Web Server Mar 11, 2025 Feb 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
CVE-2023-25816 1Nextcloud 1Nextcloud Server Nov 21, 2024 Feb 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on pas...Show more Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available. Show less
CVE-2023-23296 1Korenix 15Jetwave 2111 Firmware Jetwave 2111l FirmwareJetwave 2114 Firmware+12 more Mar 17, 2025 Feb 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
CVE-2023-23009 2Debian Libreswan 2Debian Linux Libreswan Mar 17, 2025 Feb 21, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
CVE-2023-0662 1Php 1Php Feb 13, 2025 Feb 16, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of serv...Show more In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.Show less
CVE-2023-24580 2Debian Djangoproject 2Debian Linux Django Mar 18, 2025 Feb 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in...Show more An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.Show less
CVE-2023-0518 1Gitlab 1Gitlab Mar 21, 2025 Feb 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigg...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.Show less
CVE-2022-3759 1Gitlab 1Gitlab Mar 21, 2025 Feb 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.Show less
CVE-2022-3411 1Gitlab 1Gitlab Mar 21, 2025 Feb 13, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL whic...Show more A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.Show less
CVE-2022-47370 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-47356 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In log service, there is a missing permission check. This could lead to local denial of service in log service.
CVE-2022-47355 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In log service, there is a missing permission check. This could lead to local denial of service in log service.
CVE-2022-47354 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In log service, there is a missing permission check. This could lead to local denial of service in log service.
CVE-2022-40513 1Qualcomm 59Csr8811 Firmware Ipq5010 FirmwareIpq5018 Firmware+56 more Nov 21, 2024 Feb 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.
CVE-2022-38674 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Previous 1...848586...156 Next