Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,106)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-21547 1Microsoft 9Windows 10 1607 Windows 10 1809Windows 10 21h2+6 more Nov 21, 2024 Jan 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
CVE-2023-21543 1Microsoft 15Windows 10 1607 Windows 10 1809Windows 10 20h2+12 more Nov 21, 2024 Jan 10, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2021-32821 1Mootools 1Mootools Nov 21, 2024 Jan 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an...Show more MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.Show less
CVE-2022-46740 1Huawei 1Ws7100 20 Firmware Apr 11, 2025 Dec 28, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 There is a denial of service vulnerability in the Wi-Fi module of the HUAWEI WS7100-20 Smart WiFi Router.Successful exploit could cause a denial of service (DoS) condition.
CVE-2022-3064 1Yaml Project 1Yaml Apr 14, 2025 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
CVE-2019-25072 1Tendermint 1Tendermint Apr 11, 2025 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a d...Show more Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.Show less
CVE-2022-4767 1Usememos 1Memos Nov 21, 2024 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Denial of Service in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-24118 1Ge 8Inet 900 Firmware Inet Ii 900 FirmwareSd1 Firmware+5 more Apr 12, 2025 Dec 26, 2022 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0....Show more Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.Show less
CVE-2022-47934 1Brave 1Brave Apr 15, 2025 Dec 24, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CV...Show more Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934.Show less
CVE-2022-47932 1Brave 1Brave Apr 15, 2025 Dec 24, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.
CVE-2022-28229 1Userver 1Userver Apr 15, 2025 Dec 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions.
CVE-2022-39164 1Ibm 2Aix Vios Nov 21, 2024 Dec 23, 2022 N/A· v4 6.2 MEDIUM· v3 N/A· v2 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181.
CVE-2022-39165 1Ibm 2Aix Vios Nov 21, 2024 Dec 23, 2022 N/A· v4 6.2 MEDIUM· v3 N/A· v2 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183.
CVE-2022-40899 1Pythoncharmers 1Python Future Apr 15, 2025 Dec 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
CVE-2020-26302 1Is.js Project 1Is.js Nov 21, 2024 Dec 22, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist t...Show more is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop “forever." This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue.Show less
CVE-2022-42929 1Mozilla 3Firefox Firefox EsrThunderbird Apr 15, 2025 Dec 22, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability a...Show more If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.Show less
CVE-2020-36620 1Enumstringvalues Project 1Enumstringvalues Nov 21, 2024 Dec 21, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExt...Show more A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.Show less
CVE-2022-46315 1Huawei 1Harmonyos Apr 17, 2025 Dec 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-46399 1Microchip 14Bm64 Firmware Bm70 FirmwareBm71 Firmware+11 more Apr 17, 2025 Dec 19, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.
CVE-2022-23524 1Helm 1Helm Nov 21, 2024 Dec 15, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ pack...Show more Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.Show less

Previous 1...878889...156 Next