Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-770

CWE-770

High likelihood

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,867 vulnerabilities with CWE-770

CVE-2023-45028 MEDIUM

QNAP QTS, QuTS hero, and QuTScloud - Authenticated Denial of Service via Resource Consumption

CVE-2023-47746 MEDIUM

IBM Db2 10.5.0.0-10.5.0.10 - Authenticated Denial of Service via Crafted Query

CVE-2023-28899 MEDIUM

Skoda Superb 3 Firmware - Denial of Service via UDS Reset Request

CVE-2023-37934 MEDIUM

FortiPAM 1.0 - Authenticated Denial of Service via High-Frequency HTTP/HTTPS Requests

CVE-2023-6476 MEDIUM

Red Hat OpenShift Container Platform - Denial of Service via Experimental Annotation Bypass

CVE-2023-46738 MEDIUM

CubeFS < 3.3.1 - Authenticated Denial of Service via Malicious HTTP Request

CVE-2023-3171 HIGH

JBoss Enterprise Application Platform - Denial of Service via Unchecked HashMap/HashTable Deserialization

CVE-2023-50730 HIGH

Grackle < 0.18.0 - Denial of Service via Cyclic Fragment or Deeply Nested Query Parsing

CVE-2023-6910 MEDIUM

M-Files Server < 23.12.13195.0 - Authenticated Denial of Service via Resource Exhaustion

CVE-2023-6563 HIGH

Keycloak < 21.0.0 - Unconstrained Memory Consumption via Admin UI Consents Tab

CVE-2023-5379 HIGH

JBoss EAP Undertow - Denial of Service via Oversized AJP Request Headers

CVE-2023-50247 LOW

Dena H2o < 2.2.6 - Resource Allocation Without Limits

CVE-2023-50455 HIGH

Zammad < 6.2.0 - Denial of Service via Email Address Verification Spam

CVE-2023-6337 HIGH

HashiCorp Vault <1.15.4-1.14.8-1.13.12 - DoS

CVE-2023-4486 HIGH

Johnson Controls Metasys NAE55/SNE/SNC & Facility Explorer F4-SNC <12.0.4 DoS via Invalid Credentials

CVE-2023-48831 HIGH

Availability Booking Calendar 5.0 - DoS

CVE-2023-4912 LOW

GitLab 10.5-16.4.2, 16.5-16.5.2, 16.6 - Client-Side Denial of Service via Malicious Mermaid Diagram Input

CVE-2023-34389 MEDIUM

SEL-451 Firmware - Authenticated Denial of Service via Resource Exhaustion

CVE-2023-42504 MEDIUM

Apache Superset < 3.0.0 - Authenticated Denial of Service via Concurrent Dashboard Export Requests

CVE-2023-6117 MEDIUM

M-Files Server < 23.11.13156.0 - Denial of Service via Obsolete Rest API Methods

CVE-2023-38543 HIGH

Ivanti Secure Access Client <22.6R1.1 - DoS

CVE-2023-47108 HIGH

OpenTelemetry-Go Contrib 0.37.0-0.45.0 - Unbounded Resource Allocation via gRPC Unary Server Interceptor

CVE-2023-47120 HIGH

Discourse 3.1.0-3.1.2 and 3.1.0.beta6-3.2.0.beta2 - Denial of Service via Favicon URL Oneboxing

CVE-2023-46130 MEDIUM

Discourse <3.1.3-3.2.0.beta3 - Info Disclosure

CVE-2023-5963 LOW

GitLab 13.9-16.3.6, 16.4.0-16.4.1, 16.5.0 - Denial of Service via Advanced Search Syntax Operator Chaining

Previous Page 43 of 75 Next

Details

Vulnerabilities 1,867

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy