CWE-400

High likelihood

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

3,128 vulnerabilities with CWE-400
CVE-2024-42651 HIGH
NanoMQ 0.17.9 - Denial of Service via SUBSCRIBE Message Handling
CVSS 7.5
CVE-2024-57708 MEDIUM
OneTrust SDK 6.33.0 - Denial of Service via Prototype Pollution
CVSS 5.7
CVE-2024-53423 MEDIUM
ONOS 2.7.0 - Denial of Service via Crafted Packet Handling
CVSS 5.6
CVE-2024-52979 MEDIUM
Elasticsearch < 7.17.25 - Denial of Service via Mustache Function in Search Templates
CVSS 6.5
CVE-2024-52981 MEDIUM
Elasticsearch 7.17.0-7.17.23 - Denial of Service via Well-KnownText GeometryCollection Recursion
CVSS 4.9
CVE-2024-52980 MEDIUM
Elasticsearch 7.17.0-8.15.0 - Denial of Service via PatternBank Recursion
CVSS 6.5
CVE-2024-52974 MEDIUM
Kibana 7.17.0-7.17.23 - Denial of Service via Observability API
CVSS 6.5
CVE-2024-56528 HIGH
Snowplow stream_collector 3.0.0-3.2.9 - Unauthenticated Denial of Service via Large Payload
CVSS 7.5
CVE-2024-47212 HIGH
iglu_server < 0.13.1 - Denial of Service via Large Payload to API Endpoint
CVSS 7.5
CVE-2024-7771 MEDIUM
mintplexlabs/anything-llm < 1.3.1 - Denial of Service via Low Sample Rate Audio File Upload
CVSS 6.5
CVE-2024-7036 HIGH
open-webui 0.3.8 - Denial of Service via Oversized Name Field
CVSS 7.5
CVE-2024-6838 MEDIUM
MLflow v2.13.2 - Denial of Service via Large Experiment Name or Artifact Location
CVSS 5.3
CVE-2024-12864 HIGH
qanything v2.0.0 - Unauthenticated Denial of Service via Large Filename in File Upload
CVSS 7.5
CVE-2024-12761 HIGH
imaginAIry 15.0.0 - Denial of Service via StableStudio Generate Endpoint
CVSS 7.5
CVE-2024-12534 HIGH
open-webui v0.3.32 - Unauthenticated Denial of Service via Large Payload Submission
CVSS 7.5
CVE-2024-12074 MEDIUM
automatic1111/stable-diffusion-webui 1.10.0 - Unauthenticated Denial of Service via Large Filename in File Upload
CVSS 6.5
CVE-2024-12070 HIGH
haotian-liu/llava v1.2.0 - Unauthenticated Denial of Service via Large Filename in File Upload
CVSS 7.5
CVE-2024-12063 HIGH
pribai/privategpt v0.6.2 - Denial of Service via Large Filename in File Upload
CVSS 7.5
CVE-2024-11043 HIGH
InvokeAI - Denial of Service via Large Payload in Board Name PATCH Request
CVSS 7.5
CVE-2024-11033 MEDIUM
binary-husky gpt_academic 3.83 - Denial of Service via Large Filename in File Upload
CVSS 6.5
CVE-2024-10912 HIGH
lm-sys fastchat 0.2.36 - Denial of Service via Large Filename in File Upload
CVSS 7.5
CVE-2024-10188 HIGH
litellm < 1.53.1.dev1 - Unauthenticated Denial of Service via ast.literal_eval Input Parsing
CVSS 7.5
CVE-2024-10110 HIGH
aimstack aim 3.23.0 - Denial of Service via ScheduledStatusReporter Main Thread Blocking
CVSS 7.5
CVE-2024-25132 MEDIUM
OpenShift Dedicated - Info Disclosure
CVSS 4.3
CVE-2024-54546 HIGH
macOS < 15 - Denial of Service via Memory Corruption
CVSS 7.5