CWE-400

Exploit likelihood: High

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

3,128 vulnerabilities with CWE-400
CVE-2024-44227 HIGH
iPadOS < 18.0 - Denial of Service via Memory Corruption
CVSS 7.5
CVE-2024-44192 MEDIUM
Safari < 18.0 - Denial of Service via Malicious Web Content
CVSS 5.5
CVE-2024-53693 HIGH
QNAP QTS and QuTS hero - CRLF Injection
CVSS 7.1
CVE-2024-53458 HIGH
Sysax Multi Server 6.99 - Denial of Service via SSH Packet Processing
CVSS 7.5
CVE-2024-34036 MEDIUM
O-RAN Near Realtime RIC I-Release - DoS
CVSS 4.3
CVE-2024-34035 MEDIUM
O-RAN Near Realtime RIC H-Release - DoS
CVSS 5.7
CVE-2024-57782 MEDIUM
Docker-proxy v18.09.0 - Denial of Service
CVSS 6.8
CVE-2024-56940 HIGH
LearnDash 6.7.1 - Denial of Service via Profile Image Upload
CVSS 7.5
CVE-2024-46923 HIGH
Samsung Exynos 2200, 1480 and 2400 Firmware - Denial of Service via Missing Null Check in Xclipse Driver
CVSS 7.5
CVE-2024-23814 MEDIUM
Siemens SIMATIC and SIDOOR Devices - Unauthenticated Denial of Service via ICMP Fragment Reassembly
CVSS 5.3
CVE-2024-54658 MEDIUM
Safari < 17.4 - Denial of Service via Memory Handling Issue
CVSS 6.5
CVE-2024-57673 MEDIUM
floodlight v1.2 - Denial of Service via Topology Manager and Linkdiscovery Modules
CVSS 5.5
CVE-2024-57672 MEDIUM
floodlight v1.2 - Denial of Service via Topology Manager Module
CVSS 5.5
CVE-2024-45626 MEDIUM
Apache James Server < 3.7.6 and 3.8.0-3.8.2 - Denial of Service via JMAP HTML to Text Conversion
CVSS 6.5
CVE-2024-57085 HIGH
@stryker-mutator/util < 8.7.1 - Denial of Service via Prototype Pollution in deepMerge
CVSS 7.5
CVE-2024-57082 MEDIUM
@rpldy/uploader < 1.9.1 - Denial of Service via Prototype Pollution
CVSS 6.5
CVE-2024-57081 HIGH
underscore-contrib 0.3.0 - Denial of Service via Prototype Pollution in lib.fromQuery
CVSS 7.5
CVE-2024-57079 HIGH
@zag-js/core < 0.82.2 - Denial of Service via Prototype Pollution in deepMerge
CVSS 7.5
CVE-2024-57076 HIGH
ajax-request 1.2.3 - Denial of Service via Prototype Pollution in lib.post Function
CVSS 7.5
CVE-2024-57075 HIGH
eazy-logger < 4.1.0 - Denial of Service via Prototype Pollution
CVSS 7.5
CVE-2024-57074 HIGH
xe-utils 3.5.31 - Denial of Service via Prototype Pollution in lib.merge
CVSS 7.5
CVE-2024-53851 MEDIUM
Discourse < 3.3.3 and < 3.4.0 - Authenticated Denial of Service via Inline Onebox URL Endpoint
CVSS 4.3
CVE-2024-56921 HIGH
open5gs - Denial of Service via gmm_state_exception() Error Handling
CVSS 7.5
CVE-2024-57519 HIGH
open5gs 2.7.2 - Denial of Service via ogs_dbi_auth_info Function
CVSS 7.5
CVE-2024-12345 MEDIUM
INW Krbyyyzo 25.2002 - Resource Consumption via /gbo.aspx s Parameter
CVSS 4.4