Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-21575 1Oracle 2Mysql Cluster Mysql Server Nov 3, 2025 Apr 15, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low pri...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2025-21574 1Oracle 2Mysql Cluster Mysql Server Nov 3, 2025 Apr 15, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low pri...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2023-42983 1Apple 1Macos Jun 9, 2025 Apr 11, 2025 N/A· v4 6.4 MEDIUM· v3 N/A· v2 Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.
CVE-2025-27081 - - Apr 11, 2025 Apr 10, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service.
CVE-2025-27486 1Microsoft 5Windows Server 2012 Windows Server 2016Windows Server 2019+2 more Jul 8, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27485 1Microsoft 5Windows Server 2012 Windows Server 2016Windows Server 2019+2 more Jul 8, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27473 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 8, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
CVE-2025-27470 1Microsoft 5Windows Server 2012 Windows Server 2016Windows Server 2019+2 more Jul 8, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27469 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 8, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2025-26680 1Microsoft 5Windows Server 2012 Windows Server 2016Windows Server 2019+2 more Jul 9, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-26673 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 9, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2025-26652 1Microsoft 5Windows Server 2012 Windows Server 2016Windows Server 2019+2 more Jul 10, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-26641 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 10, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
CVE-2025-21174 1Microsoft 5Windows Server 2012 Windows Server 2016Windows Server 2019+2 more Jul 8, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2024-52981 1Elastic 1Elasticsearch Oct 2, 2025 Apr 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.
CVE-2024-52980 1Elastic 1Elasticsearch Sep 30, 2025 Apr 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malic...Show more A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.Show less
CVE-2024-52974 1Elastic 1Kibana Sep 30, 2025 Apr 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observabilit...Show more An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them.Show less
CVE-2025-29478 1Treasuredata 1Fluent Bit Dec 8, 2025 Apr 7, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.
CVE-2025-29477 1Treasuredata 1Fluent Bit Dec 8, 2025 Apr 4, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.
CVE-2024-56528 1Snowplow 1Stream Collector Apr 15, 2025 Apr 3, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unres...Show more This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.Show less

Previous 1...383940...155 Next