Vulnerabilities > Allocation of Resources Without Limits or Throttling
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-28 | CVE-2023-20108 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Unified Communications Manager IM and Presence Service 12.5(1)/14Su A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. | 7.5 |
| 2023-06-21 | CVE-2023-2828 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. | 7.5 |
| 2023-06-15 | CVE-2023-34455 | Allocation of Resources Without Limits or Throttling vulnerability in Xerial Snappy-Java snappy-java is a fast compressor/decompressor for Java. | 7.5 |
| 2023-06-14 | CVE-2023-35116 | Allocation of Resources Without Limits or Throttling vulnerability in Fasterxml Jackson-Databind jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. | 4.7 |
| 2023-06-14 | CVE-2023-34149 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Struts Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater. | 6.5 |
| 2023-06-14 | CVE-2023-34396 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Struts Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater | 7.5 |
| 2023-06-07 | CVE-2023-0121 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | 7.5 |
| 2023-06-06 | CVE-2023-2253 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). | 6.5 |
| 2023-06-06 | CVE-2023-0921 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | 4.3 |
| 2023-05-30 | CVE-2023-32699 | Allocation of Resources Without Limits or Throttling vulnerability in Metersphere MeterSphere is an open source continuous testing platform. | 6.5 |