CWE-400

High likelihood

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

3,152 vulnerabilities with CWE-400
CVE-2021-30464 HIGH
OMICRON StationGuard < 1.10 - Denial of Service via Crafted TCP/20499 Packets
CVSS 7.5
CVE-2021-29453 MEDIUM
matrix-media-repo < 1.2.7 - Denial of Service via Malicious Image Thumbnailing
CVSS 5.7
CVE-2021-29430 HIGH
Sydent < 2.3.0 - Unauthenticated Denial of Service via Unbounded HTTP Request/Response
CVSS 7.5
CVE-2021-29433 MEDIUM
Sydent < 2.3.0 - Uncontrolled Resource Consumption via Third-Party Identifier Confirmation Endpoint
CVSS 4.3
CVE-2021-21728 MEDIUM
ZTE ZXA10 C300M Firmware < 4.5 - Unauthenticated Denial of Service via Open Port Packet Flood
CVSS 5.3
CVE-2021-21529 LOW
Dell System Update < 1.9 - Authenticated Denial of Service via Multiple Instance Memory Exhaustion
CVSS 3.8
CVE-2021-22696 HIGH
Apache CXF < 3.3.10 and 3.4.0-3.4.3 - Server-Side Request Forgery via OAuth 2 request_uri Parameter
CVSS 7.5
CVE-2021-28165 HIGH
Eclipse Jetty 7.2.2-9.4.38, 10.0.0.alpha0-10.0.1, 11.0.0.alpha0-11.0.1 - Denial of Service via Invalid TLS Frame
CVSS 7.5
CVE-2021-22177 MEDIUM
GitLab 12.6.0-13.6.6 - Denial of Service via gitlab-shell Command
CVSS 4.3
CVE-2021-20234 MEDIUM
libzmq < 4.3.3 - Memory Leak in Pipe Connection Handling
CVSS 6.5
CVE-2021-3479 MEDIUM
OpenEXR < 3.0.0-beta - Denial of Service via Scanline API
CVSS 5.5
CVE-2021-3478 MEDIUM
OpenEXR < 3.0.0-beta - Denial of Service via Scanline Input File
CVSS 5.5
CVE-2021-20216 HIGH
Privoxy < 3.0.31 - Denial of Service via Memory Leak on Decompression Failure
CVSS 7.5
CVE-2021-1460 MEDIUM
Cisco IOx Application Framework - Unauthenticated Denial of Service via Crafted TCP Traffic
CVSS 5.3
CVE-2021-21348 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.3
CVE-2021-21341 HIGH
NetApp OnCommand Insight - Denial of Service via XStream Deserialization
CVSS 7.5
CVE-2021-21267 HIGH
schema-inspector < 2.0.0 - Denial of Service via Email Validation ReDoS
CVSS 7.5
CVE-2021-28089 HIGH
Tor < 0.4.5.7 - Uncontrolled Resource Consumption via Directory Protocol
CVSS 7.5
CVE-2021-21375 MEDIUM
PJSIP < 2.10 - Denial of Service via Malformed 183 Responses
CVSS 6.5
CVE-2021-20265 MEDIUM
Linux Kernel - Use-After-Free in unix_stream_recvmsg
CVSS 5.5
CVE-2021-21369 MEDIUM
Hyperledger Besu < 1.5.1 - Denial of Service via HTTP JSON-RPC Login Endpoint
CVSS 6.5
CVE-2021-22883 HIGH
Node.js < 10.24.0, 12.21.0, 14.16.0, 15.10.0 - DoS
CVSS 7.5
CVE-2021-25252 MEDIUM
Trend Micro's Virus Scan API/ATSE - Memory Corruption
CVSS 5.5
CVE-2021-22187 MEDIUM
GitLab < 13.6.7 - Uncontrolled Resource Consumption via Deleted Project Job Persistence
CVSS 4.3
CVE-2021-21274 MEDIUM
Synapse 0.99.0-1.24.9 - Denial of Service via .well-known File Redirection
CVSS 4.3