Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-41568 Resource Exhaustion vulnerability in Linecorp Line
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.
network
low complexity
linecorp CWE-400
7.5
2022-11-25 CVE-2022-39346 Resource Exhaustion vulnerability in Nextcloud Enterprise Server and Nextcloud Server
Nextcloud server is an open source personal cloud server.
network
low complexity
nextcloud CWE-400
6.5
2022-11-23 CVE-2022-45873 Resource Exhaustion vulnerability in Systemd Project Systemd
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace.
local
low complexity
systemd-project CWE-400
5.5
2022-11-23 CVE-2022-41932 Resource Exhaustion vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-400
5.3
2022-11-22 CVE-2022-41952 Resource Exhaustion vulnerability in Matrix Synapse
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time.
network
low complexity
matrix CWE-400
5.3
2022-11-22 CVE-2022-4111 Resource Exhaustion vulnerability in Tooljet
Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.
network
low complexity
tooljet CWE-400
6.5
2022-11-18 CVE-2022-38871 Resource Exhaustion vulnerability in Free5Gc 3.0.5
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.
network
low complexity
free5gc CWE-400
7.5
2022-11-15 CVE-2022-20854 Resource Exhaustion vulnerability in Cisco Firepower Management Center
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-400
7.5
2022-11-14 CVE-2022-40735 Resource Exhaustion vulnerability in Diffie-Hellman KEY Exchange Project Diffie-Hellman KEY Exchange
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents.
7.5
2022-11-14 CVE-2022-43686 Resource Exhaustion vulnerability in Concretecms Concrete CMS
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).
network
low complexity
concretecms CWE-400
6.5