Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,106)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2741 1Zephyrproject 1Zephyr Nov 21, 2024 Oct 31, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this...Show more The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa).Show less
CVE-2022-40617 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraStormshield Network Security+2 more May 6, 2025 Oct 31, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server...Show more strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.Show less
CVE-2022-39330 1Nextcloud 2Nextcloud Enterprise Server Nextcloud Server Nov 21, 2024 Oct 27, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, a...Show more Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.Show less
CVE-2022-43766 1Apache 1Iotdb May 7, 2025 Oct 26, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this i...Show more Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.Show less
CVE-2022-3639 1Gitlab 1Gitlab May 7, 2025 Oct 21, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data han...Show more A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.Show less
CVE-2022-41833 1F5 11Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more Nov 21, 2024 Oct 19, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
CVE-2022-41806 1F5 1Big Ip Advanced Firewall Manager Nov 21, 2024 Oct 19, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an incr...Show more In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.Show less
CVE-2022-41770 1F5 12Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+9 more Nov 21, 2024 Oct 19, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can...Show more In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.Show less
CVE-2020-15853 1Fedoraproject 1Supybot Fedora May 13, 2025 Oct 18, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time.
CVE-2022-3517 3Debian FedoraprojectMinimatch Project 3Debian Linux FedoraMinimatch May 13, 2025 Oct 17, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
CVE-2022-3283 1Gitlab 1Gitlab May 13, 2025 Oct 17, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issu...Show more A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage.Show less
CVE-2022-2931 1Gitlab 1Gitlab May 13, 2025 Oct 17, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to...Show more A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.Show less
CVE-2022-2455 1Gitlab 1Gitlab May 13, 2025 Oct 17, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed a...Show more A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project.Show less
CVE-2022-39128 1Google 1Android May 14, 2025 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39127 1Google 1Android May 14, 2025 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39126 1Google 1Android May 14, 2025 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39125 1Google 1Android May 14, 2025 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39124 1Google 1Android May 14, 2025 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39123 1Google 1Android May 14, 2025 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-38687 1Google 1Android May 15, 2025 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.

Previous 1...909192...156 Next