Vulnerabilities > Allocation of Resources Without Limits or Throttling
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2023-0121 | Allocation of Resources Without Limits or Throttling vulnerability in GitLab. A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | 7.5 |
2023-06-06 | CVE-2023-2253 | Allocation of Resources Without Limits or Throttling vulnerability in Red Hat products. A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). | 6.5 |
2023-06-06 | CVE-2023-0921 | Allocation of Resources Without Limits or Throttling vulnerability in GitLab. A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | 4.3 |
2023-05-30 | CVE-2023-32699 | Allocation of Resources Without Limits or Throttling vulnerability in MeterSphere. MeterSphere is an open source continuous testing platform. | 6.5 |
2023-05-30 | CVE-2023-33656 | Allocation of Resources Without Limits or Throttling vulnerability in EMQX NanoMQ 0.17.2. A memory leak vulnerability exists in NanoMQ 0.17.2. | 5.5 |
2023-05-30 | CVE-2023-2650 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. | 6.5 |
2023-05-10 | CVE-2023-25568 | Allocation of Resources Without Limits or Throttling vulnerability in Protocol Boxo 0.4.0/0.5.0. Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. | 7.5 |
2023-05-09 | CVE-2023-31472 | Allocation of Resources Without Limits or Throttling vulnerability in GL.iNet products. An issue was discovered on GL.iNet devices before 3.216. | 7.5 |
2023-04-21 | CVE-2023-29575 | Allocation of Resources Without Limits or Throttling vulnerability in Axiosys Bento4 1.6.0639. Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. | 5.5 |
2023-04-13 | CVE-2023-29573 | Allocation of Resources Without Limits or Throttling vulnerability in Axiosys Bento4 1.6.0639. Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component. | 5.5 |