CWE-400

High likelihood

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

3,147 vulnerabilities with CWE-400
CVE-2022-24713 HIGH
regex <= 1.5.4 - Denial of Service via Regex Parsing Mitigation Bypass
CVSS 7.5
CVE-2022-23328 HIGH
Go-Ethereum - Denial of Service via High Gas Price Transaction Flood
CVSS 7.5
CVE-2022-25326 MEDIUM
fscrypt < 0.3.3 - Uncontrolled Resource Consumption via World-Writable Directory
CVSS 5.5
CVE-2022-0695 MEDIUM
radare2 < 5.6.4 - Denial of Service
CVSS 5.5
CVE-2022-24678 HIGH
Trend Micro Apex One and Worry-Free Business Security - Denial of Service via Log Flooding
CVSS 7.5
CVE-2022-20624 HIGH
Cisco NX-OS - Unauthenticated Denial of Service via CFSoIP Packet Handling
CVSS 8.6
CVE-2022-0476 MEDIUM
radare2 < 5.6.4 - Denial of Service
CVSS 5.5
CVE-2022-0671 CRITICAL
vscode-xml < 0.19.0 - Blind SSRF/DoS
CVSS 9.1
CVE-2022-21698 HIGH
client_golang < 1.11.1 - Denial of Service via Unbounded HTTP Method Cardinality
CVSS 7.5
CVE-2022-22780 MEDIUM
Zoom Meetings - Uncontrolled Resource Consumption via Zip Bomb in Chat Functionality
CVSS 4.7
CVE-2022-22543 HIGH
SAP NetWeaver Application Server for ABAP (Kernel) - DoS
CVSS 7.5
CVE-2022-23591 HIGH
TensorFlow < 2.5.3 - Denial of Service via Recursive GraphDef Function
CVSS 7.5
CVE-2022-23580 MEDIUM
TensorFlow < 2.5.3 - Denial of Service via Shape Inference Vector Allocation
CVSS 6.5
CVE-2022-22724 HIGH
Modicon M340 BMXP34 - Denial of Service via TCP RST/FIN Packet Flood
CVSS 7.5
CVE-2022-23030 MEDIUM
F5 BIG-IP 13.1.0-13.1.3, 14.1.0-14.1.4.4, 15.1.0-15.1.4, 16.1.0-16.1.1 - Resource Consumption via ixlv Driver
CVSS 5.3
CVE-2022-23024 HIGH
BIG-IP AFM DoS via IPsec ALG Logging Profile (13.1.x < 13.1.4, 14.1.x < 14.1.4.2, 15.1.x < 15.1.4.1, 16.x < 16.1.0)
CVSS 7.5
CVE-2022-23023 MEDIUM
F5 BIG-IP 12.1.0-12.1.4 - Authenticated Uncontrolled Resource Consumption via iControl REST
CVSS 6.5
CVE-2022-23015 HIGH
F5 BIG-IP 14.1.2.6-14.1.4.4, 15.1.x < 15.1.4.1, 16.x < 16.1.0 - Uncontrolled Resource Consumption via Client SSL Profile
CVSS 7.5
CVE-2022-21708 MEDIUM
graphql-go < 1.3.0 - Denial of Service via Stack Overflow in Query Handling
CVSS 6.5
CVE-2022-21366 MEDIUM
Oracle GraalVM 20.3.4, 21.3.0 and Oracle JDK/JRE 11.0.13, 17.0.1 - Unauthenticated Partial Denial of Service in ImageIO
CVSS 5.3
CVE-2022-21360 MEDIUM
Oracle GraalVM Enterprise Edition 20.3.4 and 21.3.0 - Unauthenticated Partial Denial of Service via ImageIO
CVSS 5.3
CVE-2022-21340 MEDIUM
Oracle OpenJDK < 11.70.1 - Denial of Service
CVSS 5.3
CVE-2022-21299 MEDIUM
Oracle GraalVM 7u321, 8u311, 11.0.13, 17.0.1, 20.3.4, 21.3.0 - Unauthenticated Partial Denial of Service via JAXP
CVSS 5.3
CVE-2022-21293 MEDIUM
Oracle GraalVM and JDK - Unauthenticated Partial Denial of Service via Multiple Protocols
CVSS 5.3
CVE-2022-21277 MEDIUM
Oracle GraalVM 20.3.4, 21.3.0 and Oracle JDK 11.0.13, 17.0.1 - Unauthenticated Partial Denial of Service in ImageIO
CVSS 5.3
Details
Vulnerabilities: 3,147
Exploit Likelihood: High