Vulnerabilities > Allocation of Resources Without Limits or Throttling

DATE CVE VULNERABILITY TITLE RISK
2024-04-02 CVE-2024-29086 Allocation of Resources Without Limits or Throttling vulnerability in Openatom Openharmony
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.
local
low complexity
openatom CWE-770
5.5
2024-03-28 CVE-2024-2818 Allocation of Resources Without Limits or Throttling vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1.
network
low complexity
gitlab CWE-770
6.5
2024-03-26 CVE-2023-52622 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered: ================================================================== WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Call Trace: <TASK> __kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80 __ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90 ================================================================== This is because flexbg_size is too large and the size of the new_group_data array to be allocated exceeds MAX_ORDER.
local
low complexity
linux debian CWE-770
5.5
2024-03-26 CVE-2024-26646 Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table.
local
low complexity
linux CWE-770
5.5
2024-03-25 CVE-2021-47170 Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large.
local
low complexity
linux CWE-770
5.5
2024-03-15 CVE-2024-2446 Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.
network
low complexity
mattermost CWE-770
4.3
2024-03-15 CVE-2024-28053 Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server
Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.
network
low complexity
mattermost CWE-770
6.5
2024-03-13 CVE-2020-11862 Allocation of Resources Without Limits or Throttling vulnerability in Opentext Netiq Privileged Account Manager
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.
network
low complexity
opentext CWE-770
7.5
2024-03-11 CVE-2024-26618 Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state.
local
low complexity
linux CWE-770
5.5
2024-03-06 CVE-2023-52606 Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated.
local
low complexity
linux CWE-770
5.5