Vulnerabilities > Allocation of Resources Without Limits or Throttling

DATE | CVE | VULNERABILITY TITLE | RISK

2023-06-06 | CVE-2023-2253 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products | 6.5
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`).
network, low complexity; redhat; CWE-770

2023-06-06 | CVE-2023-0921 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab | 4.3
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
network, low complexity; gitlab; CWE-770

2023-05-30 | CVE-2023-32699 | Allocation of Resources Without Limits or Throttling vulnerability in Metersphere | 6.5
MeterSphere is an open source continuous testing platform.
network, low complexity; metersphere; CWE-770

2023-05-30 | CVE-2023-33656 | Allocation of Resources Without Limits or Throttling vulnerability in Emqx Nanomq 0.17.2 | 5.5
A memory leak vulnerability exists in NanoMQ 0.17.2.
local, low complexity; emqx; CWE-770

2023-05-30 | CVE-2023-2650 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | 6.5
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit.
network, low complexity; openssl, debian; CWE-770

2023-05-10 | CVE-2023-25568 | Allocation of Resources Without Limits or Throttling vulnerability in Protocol Boxo 0.4.0/0.5.0 | 7.5
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations.
network, low complexity; protocol; CWE-770

2023-05-09 | CVE-2023-31472 | Allocation of Resources Without Limits or Throttling vulnerability in Gl-Inet products | 7.5
An issue was discovered on GL.iNet devices before 3.216.
network, low complexity; gl-inet; CWE-770

2023-05-05 | CVE-2023-26285 | Allocation of Resources Without Limits or Throttling vulnerability in IBM MQ Appliance | 5.9
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data.
network, high complexity; ibm; CWE-770

2023-04-21 | CVE-2023-29575 | Allocation of Resources Without Limits or Throttling vulnerability in Axiosys Bento4 1.6.0639 | 5.5
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component.
local, low complexity; axiosys; CWE-770

2023-04-13 | CVE-2023-29573 | Allocation of Resources Without Limits or Throttling vulnerability in Axiosys Bento4 1.6.0639 | 5.5
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.
local, low complexity; axiosys; CWE-770