CWE-400

High likelihood

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

3,141 vulnerabilities with CWE-400
CVE-2023-36042 MEDIUM
Visual Studio 2019 16.0-16.11.32 and 2022 17.2-17.2.22 - Denial of Service
CVSS 6.2
CVE-2023-44321 LOW
Siemens 6GK5205 and 6GK5213 Firmware < 4.5 - Authenticated Denial of Service via Web Interface Configuration
CVSS 2.7
CVE-2023-42813 MEDIUM
Kyverno - Denial of Service via Malicious Notary Verifier Response
CVSS 6.1
CVE-2023-45167 MEDIUM
IBM AIX 7.3 - Denial of Service via Python Uncontrolled Resource Consumption
CVSS 6.2
CVE-2023-5759 HIGH
Helix Core < 2023.2 - Unauthenticated Denial of Service via Buffer Overflow
CVSS 7.5
CVE-2023-45319 HIGH
Helix Core < 2023.2 - Unauthenticated Denial of Service via Commit Function
CVSS 7.5
CVE-2023-35767 HIGH
Helix Core < 2023.2 - Unauthenticated Denial of Service via Shutdown Function
CVSS 7.5
CVE-2023-46737 LOW
sigstore/cosign < 2.2.1 - Denial of Service via High Number of Attestations
CVSS 3.1
CVE-2023-5969 MEDIUM
Mattermost < 7.8.11, 7.8.12, 8.0.4 - Denial of Service via Redirect Location Caching
CVSS 5.3
CVE-2023-41378 HIGH
Calico Typha <3.26.2, Calico Enterprise Typha <3.17.1 - DoS
CVSS 7.5
CVE-2023-42669 MEDIUM
Samba >=4.0.0 <4.17.12 - Authenticated Denial of Service via rpcecho TestSleep Function
CVSS 6.5
CVE-2023-42670 MEDIUM
Samba < 4.17.12 - Denial of Service via Incompatible RPC Listener Competition
CVSS 6.5
CVE-2023-29046 MEDIUM
Open-Xchange AppSuite - Resource Exhaustion via External Connections
CVSS 4.3
CVE-2023-5876 LOW
Mattermost Desktop < 5.5.1 - Denial of Service via Server URL Path RegExp
CVSS 3.1
CVE-2023-20155 HIGH
Cisco Firepower Management Center - DoS
CVSS 7.5
CVE-2023-5625 MEDIUM
Red Hat OpenShift Container Platform - Allocation of Resources Without Limits or Throttling
CVSS 5.3
CVE-2023-46278 MEDIUM
Cybozu Remote Service 4.1.0-4.1.1 - Authenticated Uncontrolled Resource Consumption
CVSS 6.5
CVE-2023-39610 MEDIUM
TP-Link Tapo C100 Firmware < 1.1.15 - Denial of Service via Crafted Web Request
CVSS 6.5
CVE-2023-45955 HIGH
Nanoleaf Lightstrip Firmware 3.5.10 - Denial of Service via Write Binding Attribute Commands
CVSS 7.5
CVE-2023-46361 MEDIUM
Artifex Software jbig2dec <0.20 - Memory Corruption
CVSS 6.5
CVE-2023-45956 HIGH
Govee LED Strip Firmware 3.00.42 - Denial of Service via Move and MoveWithOnoff Commands
CVSS 7.5
CVE-2023-21339 HIGH
Android < 14.0 - Unauthenticated Denial of Service via Minikin Message Processing
CVSS 7.5
CVE-2023-31418 HIGH
Elasticsearch < 7.17.13 - Unauthenticated Denial of Service via Malformed HTTP Requests
CVSS 7.5
CVE-2023-40408 MEDIUM
iPadOS < 16.7.2 - Uncontrolled Resource Consumption
CVSS 5.3
CVE-2023-5724 HIGH
Firefox < 119 and Firefox ESR < 115.4 - Denial of Service via Large Draw Calls
CVSS 7.5
Details
Vulnerabilities 3,141
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits