Vulnerabilities > Allocation of Resources Without Limits or Throttling
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-10 | CVE-2023-27901 | Allocation of Resources Without Limits or Throttling vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. | 7.5 |
2023-02-28 | CVE-2022-41725 | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO A denial of service is possible from excessive resource consumption in net/http and mime/multipart. | 7.5 |
2023-02-28 | CVE-2022-41727 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. | 5.5 |
2023-02-23 | CVE-2023-23916 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. | 6.5 |
2023-02-21 | CVE-2022-31394 | Allocation of Resources Without Limits or Throttling vulnerability in Hyper Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. | 7.5 |
2023-02-21 | CVE-2023-26249 | Allocation of Resources Without Limits or Throttling vulnerability in NIC Knot Resolver Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. | 7.5 |
2023-02-20 | CVE-2023-24998 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | 7.5 |
2023-02-20 | CVE-2023-25656 | Allocation of Resources Without Limits or Throttling vulnerability in Notaryproject Notation-Go 0.7.0/0.8.0/0.9.0 notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. | 7.5 |
2023-02-17 | CVE-2023-24785 | Allocation of Resources Without Limits or Throttling vulnerability in Peazip Project Peazip 9.0.0 An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. | 5.5 |
2023-02-16 | CVE-2023-25153 | Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Containerd containerd is an open source container runtime. | 5.5 |