CWE-400

High likelihood

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

3,134 vulnerabilities with CWE-400
CVE-2024-23450 MEDIUM
Elasticsearch 7.0.0-7.17.18 - Denial of Service via Deeply Nested Ingest Pipeline
CVSS 4.9
CVE-2024-21914 MEDIUM
Rockwell Automation FactoryTalk View < 14.0 - Unauthenticated Denial of Service via Remote Restart
CVSS 5.3
CVE-2024-29186 MEDIUM
Bref < 2.1.17 - Uncontrolled Resource Consumption via Crafted Multipart Content-Type Header
CVSS 5.3
CVE-2024-28863 MEDIUM
node-tar < 6.2.1 - Denial of Service via Excessive Sub-Folder Creation
CVSS 6.5
CVE-2024-26369 HIGH
FastDDS 2.6.x 2.10.x 2.11.x 2.12.x - Denial of Service via HistoryQosPolicy Data Handling
CVSS 7.5
CVE-2024-27100 MEDIUM
Discourse < 3.2.1, < 3.3.0 - Resource Consumption via Suspension/Silencing/CSV Export
CVSS 6.5
CVE-2024-27085 MEDIUM
Discourse < 3.2.0 and < 3.3.0 - Uncontrolled Resource Consumption via Invite Route Parameters
CVSS 6.5
CVE-2024-24827 MEDIUM
Discourse < 3.2.0 and < 3.3.0 - Unauthenticated Denial of Service via Unlimited Uploads
CVSS 5.3
CVE-2024-28854 HIGH
tls-listener < 0.10.0 - Denial of Service via Slowloris Attack
CVSS 7.5
CVE-2024-2446 MEDIUM
Mattermost <8.1.10, <9.2.6, <9.3.2, <9.4.3 - DoS
CVSS 4.3
CVE-2024-28053 LOW
Mattermost Server 8.1.0-8.1.9 - Denial of Service via Large Email Payload
CVSS 3.1
CVE-2024-24975 LOW
Mattermost Mobile < 2.13.0 - Denial of Service via Large Code Block Syntax Highlighting
CVSS 3.5
CVE-2024-1765 MEDIUM
Cloudflare Quiche < 0.19.2 - Denial of Service via 1-RTT CRYPTO Frame Flood
CVSS 5.9
CVE-2024-1410 LOW
Cloudflare quiche < 0.19.2 - Unauthenticated Uncontrolled Resource Consumption via Connection ID Retirement
CVSS 3.7
CVE-2024-26190 HIGH
.NET >=7.0.0 <7.0.17 - Denial of Service via Microsoft QUIC
CVSS 7.5
CVE-2024-21392 HIGH
.NET 7.0.0-7.0.16 and Visual Studio 2022 17.4-17.4.16 - Denial of Service
CVSS 7.5
CVE-2024-28176 MEDIUM
jose < 2.0.7 and 3.0.0-4.15.4 - Uncontrolled Resource Consumption in JWE Decryption
CVSS 4.9
CVE-2024-28122 MEDIUM
lestrrat-go/jwx <1.2.29 and 2.0.0-2.0.20 - Denial of Service via Malicious JWE Token
CVSS 6.8
CVE-2024-23265 HIGH
iPadOS < 16.7.6 - Memory Corruption via Improved Locking
CVSS 7.8
CVE-2024-23259 MEDIUM
iPadOS < 16.7.6 and 17.4 - Denial of Service via Web Content Processing
CVSS 6.5
CVE-2024-25615 MEDIUM
ArubaOS 8.10.0.0-8.10.0.9 - Unauthenticated Denial-of-Service via PAPI Spectrum Service
CVSS 5.3
CVE-2024-25269 HIGH
libheif <= 1.17.6 - Memory Corruption
CVSS 7.5
CVE-2024-27355 HIGH
phpseclib <1.0.23, <2.0.47, <3.0.36 - DoS
CVSS 7.5
CVE-2024-27354 HIGH
phpseclib <1.0.23, 2.0.47, 3.0.36 - DoS
CVSS 7.5
CVE-2024-1953 MEDIUM
Mattermost <8.1.9, <9.2.5, 9.3.0, <9.4.2 - DoS
CVSS 4.3
Details
Vulnerabilities 3,134
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits