Vulnerabilities > Allocation of Resources Without Limits or Throttling
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-21 | CVE-2022-42334 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 6.5 |
| 2023-03-18 | CVE-2021-46877 | Allocation of Resources Without Limits or Throttling vulnerability in Fasterxml Jackson-Databind jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. | 7.5 |
| 2023-03-16 | CVE-2023-28104 | Allocation of Resources Without Limits or Throttling vulnerability in Silverstripe Graphql 4.1.1/4.2.2 `silverstripe/graphql` serves Silverstripe data as GraphQL representations. | 7.5 |
| 2023-03-15 | CVE-2023-28338 | Allocation of Resources Without Limits or Throttling vulnerability in Netgear Rax30 Firmware Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. | 7.5 |
| 2023-03-15 | CVE-2023-27596 | Allocation of Resources Without Limits or Throttling vulnerability in Opensips OpenSIPS is a Session Initiation Protocol (SIP) server implementation. | 7.5 |
| 2023-03-10 | CVE-2023-27530 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. | 7.5 |
| 2023-03-10 | CVE-2023-27900 | Allocation of Resources Without Limits or Throttling vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service. | 7.5 |
| 2023-03-10 | CVE-2023-27901 | Allocation of Resources Without Limits or Throttling vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. | 7.5 |
| 2023-02-28 | CVE-2022-41725 | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO A denial of service is possible from excessive resource consumption in net/http and mime/multipart. | 7.5 |
| 2023-02-28 | CVE-2022-41727 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. | 5.5 |