Vulnerabilities > Allocation of Resources Without Limits or Throttling

DATE CVE VULNERABILITY TITLE RISK
2022-03-09 CVE-2022-24741 Allocation of Resources Without Limits or Throttling vulnerability in Nextcloud Server
Nextcloud server is an open source, self hosted cloud style services platform.
network
low complexity
nextcloud CWE-770
6.5
2022-03-03 CVE-2022-21716 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
network
low complexity
twisted debian oracle fedoraproject CWE-770
7.5
2022-02-28 CVE-2022-24685 Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage.
network
low complexity
hashicorp CWE-770
7.5
2022-02-24 CVE-2022-24614 Allocation of Resources Without Limits or Throttling vulnerability in Metadata-Extractor Project Metadata-Extractor
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs.
local
low complexity
metadata-extractor-project CWE-770
5.5
2022-02-19 CVE-2016-20013 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
7.5
2022-02-18 CVE-2022-23228 Allocation of Resources Without Limits or Throttling vulnerability in Pexip Infinity
Pexip Infinity before 27.0 has improper WebRTC input validation.
network
low complexity
pexip CWE-770
7.5
2022-02-16 CVE-2021-22050 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Esxi 6.5/6.7
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy.
network
low complexity
vmware CWE-770
7.5
2022-02-15 CVE-2022-21698 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients.
network
low complexity
prometheus fedoraproject rdo-project CWE-770
7.5
2022-02-04 CVE-2021-32036 Allocation of Resources Without Limits or Throttling vulnerability in Mongodb
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention.
network
low complexity
mongodb CWE-770
7.1
2022-02-03 CVE-2022-21732 Allocation of Resources Without Limits or Throttling vulnerability in Google Tensorflow
Tensorflow is an Open Source Machine Learning Framework.
network
low complexity
google CWE-770
6.5