CWE-400
Uncontrolled Resource Consumption
Description
The product does not properly control the allocation and maintenance of a limited resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-147 · CAPEC-227 · CAPEC-492
CVEs mapped to this weakness (1,853)
page 60 of 93| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6493 | Med | 0.34 | 5.3 | 0.00 | Jun 22, 2025 | A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely.… | ||
| CVE-2025-6492 | Med | 0.34 | 5.3 | 0.00 | Jun 22, 2025 | A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression… | ||
| CVE-2025-32472 | Med | 0.34 | 5.3 | 0.01 | Apr 28, 2025 | The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive. | ||
| CVE-2024-23814 | — | Med | 0.34 | 5.3 | 0.01 | Feb 11, 2025 | The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary… | |
| CVE-2024-38828 | Med | 0.34 | 5.3 | 0.01 | Nov 18, 2024 | Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. | ||
| CVE-2024-38826 | Med | 0.34 | — | 0.00 | Nov 11, 2024 | Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi… | ||
| CVE-2024-33498 | Med | 0.34 | 5.3 | 0.01 | May 14, 2024 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating… | ||
| CVE-2017-15345 | Med | 0.34 | 5.3 | 0.00 | Feb 15, 2018 | Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. | ||
| CVE-2026-35406 | Med | 0.33 | 6.2 | 0.00 | Apr 7, 2026 | Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1. | ||
| CVE-2024-5569 | Med | 0.33 | 6.2 | 0.00 | Jul 9, 2024 | A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython,… | ||
| CVE-2023-35925 | Med | 0.33 | 6.2 | 0.00 | Jun 23, 2023 | FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has… | ||
| CVE-2023-25153 | Med | 0.33 | 6.2 | 0.00 | Feb 16, 2023 | containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of… | ||
| CVE-2026-45802 | Med | 0.32 | — | 0.00 | Jun 11, 2026 | FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion… | ||
| CVE-2026-11790 | Med | 0.32 | 4.9 | 0.00 | Jun 9, 2026 | A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption… | ||
| CVE-2026-28967 | Med | 0.32 | 4.9 | 0.00 | May 11, 2026 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service. | ||
| CVE-2026-34304 | Med | 0.32 | 4.9 | 0.00 | Apr 21, 2026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to… | ||
| CVE-2026-34293 | Med | 0.32 | 4.9 | 0.00 | Apr 21, 2026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. … | ||
| CVE-2026-34278 | Med | 0.32 | 4.9 | 0.00 | Apr 21, 2026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL… | ||
| CVE-2026-34267 | Med | 0.32 | 4.9 | 0.00 | Apr 21, 2026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL… | ||
| CVE-2026-22005 | Med | 0.32 | 4.9 | 0.00 | Apr 21, 2026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple… |
- risk 0.34cvss 5.3epss 0.00
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely.…
- risk 0.34cvss 5.3epss 0.00
A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression…
- risk 0.34cvss 5.3epss 0.01
The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.
- risk 0.34cvss 5.3epss 0.01
The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary…
- risk 0.34cvss 5.3epss 0.01
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
- risk 0.34cvss —epss 0.00
Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi…
- risk 0.34cvss 5.3epss 0.01
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating…
- risk 0.34cvss 5.3epss 0.00
Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot.
- risk 0.33cvss 6.2epss 0.00
Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.
- risk 0.33cvss 6.2epss 0.00
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython,…
- risk 0.33cvss 6.2epss 0.00
FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has…
- risk 0.33cvss 6.2epss 0.00
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of…
- risk 0.32cvss —epss 0.00
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion…
- risk 0.32cvss 4.9epss 0.00
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption…
- risk 0.32cvss 4.9epss 0.00
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service.
- risk 0.32cvss 4.9epss 0.00
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to…
- risk 0.32cvss 4.9epss 0.00
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. …
- risk 0.32cvss 4.9epss 0.00
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL…
- risk 0.32cvss 4.9epss 0.00
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL…
- risk 0.32cvss 4.9epss 0.00
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple…