CWE-400
Uncontrolled Resource Consumption
Description
The product does not properly control the allocation and maintenance of a limited resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-147 · CAPEC-227 · CAPEC-492
CVEs mapped to this weakness (1,853)
page 11 of 93| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2586 | Hig | 0.49 | 7.5 | 0.00 | Mar 31, 2025 | A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system… | ||
| CVE-2025-25374 | Hig | 0.49 | 7.5 | 0.01 | Mar 25, 2025 | In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. | ||
| CVE-2024-9229 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server… | ||
| CVE-2024-9056 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character,… | ||
| CVE-2024-12886 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the… | ||
| CVE-2024-12761 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | A Denial of Service (DoS) vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. The vulnerability is present in the `/api/stablestudio/generate` endpoint, which can be exploited by sending an invalid request. This causes the server process to terminate… | ||
| CVE-2024-11043 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload,… | ||
| CVE-2024-10821 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end… | ||
| CVE-2024-10713 | Hig | 0.49 | 7.5 | 0.00 | Mar 20, 2025 | A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart… | ||
| CVE-2024-57081 | Hig | 0.49 | 7.5 | 0.00 | Feb 5, 2025 | A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||
| CVE-2024-57076 | Hig | 0.49 | 7.5 | 0.00 | Feb 5, 2025 | A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||
| CVE-2024-57074 | Hig | 0.49 | 7.5 | 0.00 | Feb 5, 2025 | A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||
| CVE-2024-24424 | Hig | 0.49 | 7.5 | 0.00 | Jan 21, 2025 | A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||
| CVE-2024-50953 | Hig | 0.49 | 7.5 | 0.00 | Jan 15, 2025 | An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message. | ||
| CVE-2024-54730 | Hig | 0.49 | 7.5 | 0.00 | Jan 14, 2025 | Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function. | ||
| CVE-2024-56200 | Hig | 0.49 | 8.6 | 0.01 | Dec 19, 2024 | Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server… | ||
| CVE-2024-48989 | Hig | 0.49 | 7.5 | 0.01 | Nov 13, 2024 | A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages. | ||
| CVE-2024-47850 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2024 | CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be… | ||
| CVE-2024-43647 | Hig | 0.49 | 7.5 | 0.01 | Sep 10, 2024 | A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20… | ||
| CVE-2024-21526 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash. |
- risk 0.49cvss 7.5epss 0.00
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system…
- risk 0.49cvss 7.5epss 0.01
In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service.
- risk 0.49cvss 7.5epss 0.01
A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server…
- risk 0.49cvss 7.5epss 0.01
BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character,…
- risk 0.49cvss 7.5epss 0.01
An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the…
- risk 0.49cvss 7.5epss 0.01
A Denial of Service (DoS) vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. The vulnerability is present in the `/api/stablestudio/generate` endpoint, which can be exploited by sending an invalid request. This causes the server process to terminate…
- risk 0.49cvss 7.5epss 0.01
A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload,…
- risk 0.49cvss 7.5epss 0.01
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end…
- risk 0.49cvss 7.5epss 0.00
A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart…
- risk 0.49cvss 7.5epss 0.00
A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
- risk 0.49cvss 7.5epss 0.00
A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
- risk 0.49cvss 7.5epss 0.00
A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
- risk 0.49cvss 7.5epss 0.00
A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
- risk 0.49cvss 7.5epss 0.00
An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message.
- risk 0.49cvss 7.5epss 0.00
Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function.
- risk 0.49cvss 8.6epss 0.01
Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server…
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.
- risk 0.49cvss 7.5epss 0.01
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be…
- risk 0.49cvss 7.5epss 0.01
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20…
- risk 0.49cvss 7.5epss 0.01
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.