CWE-400
Uncontrolled Resource Consumption
Description
The product does not properly control the allocation and maintenance of a limited resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-147 · CAPEC-227 · CAPEC-492
CVEs mapped to this weakness (1,853)
Page 12 of 93

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-21523 | — | High | 0.49 | 7.5 | 0.01 | | Jul 10, 2024 | All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values… |
| CVE-2024-21521 | | High | 0.49 | 7.5 | 0.01 | | Jul 10, 2024 | All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash. |
| CVE-2023-51847 | | High | 0.49 | 7.5 | 0.01 | | Jun 6, 2024 | An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via the coap_context_t function in the src/coap_threadsafe.c:297:3 component. |
| CVE-2023-30311 | — | High | 0.49 | 7.5 | 0.00 | | May 28, 2024 | An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service. |
| CVE-2024-34953 | — | High | 0.49 | 7.5 | 0.01 | | May 20, 2024 | An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file |
| CVE-2024-5055 | | High | 0.49 | 7.5 | 0.00 | | May 17, 2024 | Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes. |
| CVE-2024-5052 | | High | 0.49 | 7.5 | 0.00 | | May 17, 2024 | Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. |
| CVE-2024-21823 | | High | 0.49 | 7.5 | 0.00 | | May 16, 2024 | Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access |
| CVE-2022-32508 | | High | 0.49 | 7.5 | 0.01 | | May 14, 2024 | An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. |
| CVE-2024-4438 | | High | 0.49 | 7.5 | 0.01 | | May 8, 2024 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one… |
| CVE-2024-4437 | | High | 0.49 | 7.5 | 0.01 | | May 8, 2024 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux… |
| CVE-2024-4436 | | High | 0.49 | 7.5 | 0.01 | | May 8, 2024 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux… |
| CVE-2024-4599 | | High | 0.49 | 7.5 | 0.01 | | May 7, 2024 | Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. |
| CVE-2023-50685 | | High | 0.49 | 7.5 | 0.01 | | May 2, 2024 | An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter. |
| CVE-2024-25355 | — | High | 0.49 | 7.5 | 0.01 | | May 1, 2024 | s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component. |
| CVE-2024-34045 | | High | 0.49 | 7.5 | 0.01 | | Apr 30, 2024 | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). |
| CVE-2024-32269 | | High | 0.49 | 7.5 | 0.01 | | Apr 29, 2024 | An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet. |
| CVE-2023-6596 | — | High | 0.49 | 7.5 | 0.01 | | Apr 25, 2024 | An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers. |
| CVE-2024-26369 | | High | 0.49 | 7.5 | 0.01 | | Mar 19, 2024 | An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data. |
| CVE-2024-23744 | | High | 0.49 | 7.5 | 0.01 | | Jan 21, 2024 | An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. |