Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2024-08-01 CVE-2024-41123 Resource Exhaustion vulnerability in Ruby-Lang Rexml
REXML is an XML toolkit for Ruby.
network
low complexity
ruby-lang CWE-400
7.5
2024-08-01 CVE-2024-41946 Resource Exhaustion vulnerability in Ruby-Lang Rexml
REXML is an XML toolkit for Ruby.
network
low complexity
ruby-lang CWE-400
7.5
2024-07-30 CVE-2024-37299 Resource Exhaustion vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-400
7.5
2024-07-16 CVE-2024-5795 Resource Exhaustion vulnerability in Github Enterprise Server
A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server.
network
low complexity
github CWE-400
6.5
2024-06-27 CVE-2024-4557 Resource Exhaustion vulnerability in Gitlab
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai pipeline.
network
low complexity
gitlab CWE-400
6.5
2024-06-25 CVE-2024-5011 Resource Exhaustion vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.
network
low complexity
progress CWE-400
7.5
2024-02-09 CVE-2024-23323 Resource Exhaustion vulnerability in Envoyproxy Envoy
Envoy is a high-performance edge/middle/service proxy.
network
low complexity
envoyproxy CWE-400
5.3
2024-02-09 CVE-2024-1402 Resource Exhaustion vulnerability in Mattermost Server
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrive the aforementioned post. 
network
low complexity
mattermost CWE-400
4.3
2024-02-09 CVE-2024-25451 Resource Exhaustion vulnerability in Axiosys Bento4 1.6.0640
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.
network
low complexity
axiosys CWE-400
6.5
2024-02-09 CVE-2024-25452 Resource Exhaustion vulnerability in Axiosys Bento4 1.6.0640
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.
local
low complexity
axiosys CWE-400
5.5