Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-21219 1Oracle 1Mysql Nov 3, 2025 Oct 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allow...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2024-21218 1Oracle 1Mysql Nov 3, 2025 Oct 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows hig...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2024-21207 1Oracle 1Mysql Mar 13, 2025 Oct 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows hig...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2024-21204 1Oracle 1Mysql Mar 13, 2025 Oct 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker wi...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2024-21203 1Oracle 1Mysql Nov 3, 2025 Oct 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allow...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2024-21196 1Oracle 1Mysql Nov 3, 2025 Oct 15, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2024-21194 1Oracle 1Mysql Nov 3, 2025 Oct 15, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows hig...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2024-45736 1Splunk 2Splunk Splunk Cloud Platform Oct 16, 2024 Oct 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk ro...Show more In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).Show less
CVE-2024-8184 1Eclipse 1Jetty Nov 3, 2025 Oct 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attack...Show more There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.Show less
CVE-2024-6762 1Eclipse 1Jetty Nov 3, 2025 Oct 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
CVE-2024-9823 2Eclipse Netapp 3Active Iq Unified Manager Bootstrap OsJetty Nov 3, 2025 Oct 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests...Show more There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.Show less
CVE-2024-47497 1Juniper 1Junos Jan 26, 2026 Oct 11, 2024 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Den...Show more An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be used to monitor the resource usage: user@host> show system processes extensive \| match mgd \| count This issue affects Junos OS on SRX Series and EX Series: All versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R1-S2, 23.4R2.Show less
CVE-2024-7294 1Progress 1Telerik Reporting Oct 15, 2024 Oct 9, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
CVE-2024-43575 1Microsoft 4Windows Server 2016 Windows Server 2019Windows Server 2022+1 more Oct 16, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43545 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 17, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
CVE-2024-43544 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 17, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
CVE-2024-43541 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 17, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
CVE-2024-43515 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 17, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability
CVE-2024-43506 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 17, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 BranchCache Denial of Service Vulnerability
CVE-2024-38149 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 22, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 BranchCache Denial of Service Vulnerability

Previous 1...474849...155 Next