CWE-770

High likelihood

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,881 vulnerabilities with CWE-770
CVE-2023-45142 HIGH
OpenTelemetry-Go Contrib < 0.44.0 - Denial of Service via HTTP User-Agent and Method Header Cardinality
CVSS 7.5
CVE-2023-39325 HIGH
Go < 1.20.10 - Resource Allocation Without Limits
CVSS 7.5
CVE-2023-45129 MEDIUM
Synapse < 1.94.0 - Denial of Service via Malicious Server ACL Event
CVSS 4.9
CVE-2023-40542 HIGH
F5 BIG-IP 13.1.0-13.1.4 - Memory Resource Exhaustion via TCP Verified Accept
CVSS 7.5
CVE-2023-25822 MEDIUM
ReportPortal < 23.2 - Denial of Service via Excessive Nested Test Item Path Length
CVSS 6.3
CVE-2023-5330 MEDIUM
Mattermost < 7.8.11 - Denial of Service via OpenGraph Cache Overflow
CVSS 4.3
CVE-2023-45371 HIGH
MediaWiki Wikibase Extension Resource Allocation Flaw
CVSS 7.5
CVE-2023-5371 MEDIUM
Wireshark 3.6.0-3.6.16, 4.0.0-4.0.8 - Denial of Service via RTPS Dissector Memory Leak
CVSS 5.3
CVE-2023-3153 MEDIUM
Open Virtual Network < 22.03.3 - Denial of Service via Unthrottled Service Monitor MAC
CVSS 5.3
CVE-2023-3967 MEDIUM
Hitachi Ops Center Common Services < 10.9.3-00 - Resource Allocation Without Limits
CVSS 5.3
CVE-2023-0809 MEDIUM
Eclipse Mosquitto < 2.0.16 - Denial of Service via Malicious Initial Packet
CVSS 5.8
CVE-2023-5289 HIGH
rdiffweb < 2.8.4 - Denial of Service via Resource Exhaustion
CVSS 8.8
CVE-2023-20033 HIGH
Cisco IOS XE for Catalyst 3650/3850 - DoS via Management Interface
CVSS 8.6
CVE-2023-43642 HIGH
snappy-java < 1.1.10.4 - Denial of Service via Large Chunk Size in SnappyInputStream
CVSS 7.5
CVE-2023-42457 HIGH
plone.rest 2.0.0a1-2.0.0 - Denial of Service via Repeated ++api++ Traverser
CVSS 7.5
CVE-2023-43632 CRITICAL
LF Edge EVE < 0.0.0-20230519072751-977f42b07fa9 - Stack Overflow via VTPM Protobuf Header
CVSS 9.0
CVE-2023-37279 HIGH
Faktory < 1.8.0 - Denial of Service via Days URL Query Parameter
CVSS 7.5
CVE-2023-32186 HIGH
SUSE RKE2 DoS via K3s API Server Port
CVSS 7.5
CVE-2023-32187 HIGH
k3s 1.24.0-1.24.16+k3s1, 1.25.0-1.25.12+k3s1, 1.26.0-1.26.7+k3s1, 1.27.0-1.27.4+k3s1, 1.28.0 - DoS via Apiserver Port
CVSS 7.5
CVE-2023-41043 MEDIUM
Discourse <3.1.1, <3.2.0.beta1 - DoS
CVSS 6.5
CVE-2023-41042 MEDIUM
Discourse <3.1.1-3.2.0.beta1 - Info Disclosure
CVSS 4.9
CVE-2023-40588 MEDIUM
Discourse < 3.1.1 - Denial of Service via 2FA/Security Key Name
CVSS 6.5
CVE-2023-40019 HIGH
FreeSWITCH < 1.10.10 - Authenticated Denial of Service via Duplicate Codec Names in re-INVITE SDP
CVSS 7.5
CVE-2023-38706 MEDIUM
Discourse <3.1.1, <3.2.0.beta1 - Info Disclosure
CVSS 6.5
CVE-2023-38507 HIGH
Strapi < 4.12.1 - Unauthenticated Rate Limit Bypass in Admin Login
CVSS 7.3