CWE-770: Allocation of Resources Without Limits or Throttling
1,767 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-770 (page 11 of 36)
- CVE-2022-2929 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-10-07
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
- CVE-2022-29404 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-09
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
- CVE-2022-29503 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-09-29
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
- CVE-2022-29701 | HIGH | CVSS 7.5 | EG 7.5 | 2022-04-27
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e…
- CVE-2022-29767 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-06-03
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections.
- CVE-2022-29776 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-06-02
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
- CVE-2022-29863 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-16
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.
- CVE-2022-29892 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-07-04
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
- CVE-2022-29973 | MEDIUM | CVSS 4.7 | EG 4.7 | 2022-05-02
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.
- CVE-2022-30522 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-09
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
- CVE-2022-30775 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-05-16
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast+…
- CVE-2022-31016 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-06-25
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in…
- CVE-2022-31075 | MEDIUM | CVSS 4.9 | EG 4.9 | 2022-07-11
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attack…
- CVE-2022-31078 | MEDIUM | CVSS 4.4 | EG 4.4 | 2022-07-11
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of response…
- CVE-2022-31079 | MEDIUM | CVSS 4.4 | EG 4.4 | 2022-07-11
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the Cloud Stream server and the Edge Stream server reads the entire …
- CVE-2022-31080 | MEDIUM | CVSS 4.4 | EG 4.4 | 2022-07-11
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the viaduct WSClient can cause a DoS fr…
- CVE-2022-31118 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-08-04
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ …
- CVE-2022-31184 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-08-01
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rat…
- CVE-2022-31285 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-06-10
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h.
- CVE-2022-31287 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-06-10
An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp.
- CVE-2022-31394 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-21
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
- CVE-2022-3147 | LOW | CVSS 3.1 | EG 6.5 | 2022-09-09
Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server…
- CVE-2022-32037 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.
- CVE-2022-32039 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.
- CVE-2022-32040 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.
- CVE-2022-32041 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.
- CVE-2022-32043 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.
- CVE-2022-32044 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.
- CVE-2022-32045 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4.
- CVE-2022-32046 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c.
- CVE-2022-32047 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.
- CVE-2022-32048 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88.
- CVE-2022-32049 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540.
- CVE-2022-32050 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40.
- CVE-2022-32051 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.
- CVE-2022-32052 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4.
- CVE-2022-32053 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c.
- CVE-2022-3212 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-14
<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of mem…
- CVE-2022-32205 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-07-07
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers t…
- CVE-2022-32206 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-07-07
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbo…
- CVE-2022-32559 | CRITICAL | CVSS 9.1 | EG 9.1 | 2022-06-14
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
- CVE-2022-3273 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-10-06
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
- CVE-2022-3295 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-26
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.
- CVE-2022-32958 | HIGH | CVSS 7.7 | EG 7.7 | 2022-07-20
A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.
- CVE-2022-3298 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-26
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.
- CVE-2022-3364 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-29
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.
- CVE-2022-3371 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-30
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.
- CVE-2022-33749 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-10-11
XAPI open file limit DoS: It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from car…
- CVE-2022-3423 | HIGH | CVSS 7.3 | EG 7.3 | 2022-10-07
Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.
- CVE-2022-34308 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-10-07
IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437.