CWE-770

High likelihood

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,881 vulnerabilities with CWE-770
CVE-2023-28104 HIGH
silverstripe/graphql 4.1.1-4.2.2 - Denial of Service via Crafted GraphQL Query
CVSS 7.5
CVE-2023-28338 HIGH
Netgear Nighthawk Wifi6 Router (RAX30) - Denial of Service via Multipart Boundary Request
CVSS 7.5
CVE-2023-27596 HIGH
OpenSIPS < 3.1.8 - Denial of Service via Malformed SDP Body
CVSS 7.5
CVE-2023-27530 HIGH
Rack < 2.0.9.3 - Denial of Service via Multipart MIME Parsing
CVSS 7.5
CVE-2023-27901 HIGH
Jenkins < 2.375.4, < 2.394 - Denial of Service via Unlimited Request Parts
CVSS 7.5
CVE-2023-27900 HIGH
Jenkins < 2.375.4, < 2.394 - Denial of Service via Unlimited Request Parts in MultipartFormDataParser
CVSS 7.5
CVE-2023-23916 MEDIUM
curl 7.57.0-7.87.0 - Denial of Service via HTTP Compression Header Chain
CVSS 6.5
CVE-2023-26249 HIGH
Knot Resolver < 5.6.0 - Denial of Service via TCP Connection Amplification
CVSS 7.5
CVE-2023-25656 HIGH
notation-go < 1.0.0-rc.3 - Denial of Service via Excessive Memory Consumption
CVSS 7.5
CVE-2023-24998 HIGH
Apache Commons FileUpload < 1.5 - Denial of Service via Unlimited Request Parts
CVSS 7.5
CVE-2023-24785 MEDIUM
PeaZip 9.0.0 - Denial of Service via End of Archive Tag in UNPEA Feature
CVSS 5.5
CVE-2023-25153 MEDIUM
containerd < 1.5.18 - Denial of Service via OCI Image Import
CVSS 6.2
CVE-2023-0568 HIGH
PHP 8.0.X-8.2.X - Memory Corruption
CVSS 7.5
CVE-2023-25578 HIGH
Starlite < 1.51.2 - Unauthenticated Denial of Service via Multipart Body Parsing
CVSS 7.5
CVE-2023-25171 HIGH
Kiwi TCMS < 12.0 - Denial of Service via Password Reset Email Spam
CVSS 7.5
CVE-2023-25156 HIGH
Kiwi TCMS < 12.0 - Unauthenticated Brute-Force Attack via Login Page
CVSS 7.5
CVE-2023-25577 HIGH
Werkzeug < 2.2.3 - Denial of Service via Multipart Form Data Parsing
CVSS 7.5
CVE-2023-25576 HIGH
fastify-multipart < 6.0.1 - Denial of Service via Unlimited Multipart Parts
CVSS 7.5
CVE-2023-25193 HIGH
HarfBuzz < 6.0.0 - Denial of Service via O(n^2) Growth in Mark Attachment
CVSS 7.5
CVE-2023-23969 HIGH
Django 3.2-3.2.16, 4.0-4.0.8, 4.1-4.1.5 - Denial of Service via Accept-Language Header Parsing
CVSS 7.5
CVE-2023-22323 HIGH
BIG-IP < 17.0.0.2, < 16.1.3.3, < 15.1.8.1, < 14.1.5.3, 13.1.x - DoS
CVSS 7.5
CVE-2023-23846 HIGH
open5gs < 2.4.13 and < 2.5.7 - Unauthenticated Denial of Service via GTP Extension Header Length Zero
CVSS 7.5
CVE-2023-22740 MEDIUM
Discourse < 3.0.0 - Denial of Service via Unlimited Chat Draft Length
CVSS 4.3
CVE-2023-22739 MEDIUM
Discourse < 3.0.1 - Denial of Service via Unlimited Draft Data
CVSS 6.5
CVE-2023-20047 MEDIUM
Cisco Webex Room Phone/Cisco Webex Share - DoS
CVSS 6.5