Skip to main content

Product Directory Enterprise Compliance Pulse AI Analyst Compare Docs

Login Start Free

Loading...

Cloud security intelligence for modern infrastructure.

Stay informed

📬 Product updates & blog posts🛡️ CVE & vendor advisory alerts

Frequency:

Sent from noreply@echelongraph.io · Unsubscribe anytime

Product

Overview
Enterprise
Agents
AI Analyst
Pricing
Compare
vs. Competitors

Resources

CVE Pulse
Compliance Directory
Newsletter
Documentation
Readiness Calculator
Blog

Security Tools

Surface Scanner
AI Security Index
AI Threat Map
Shadow AI Radar
Shadow Engine Map

Company

Design Partners
Changelog
Contact

Legal

Privacy
Terms
Security
DPA

© 2026 EchelonGraph, Inc. All rights reserved.

SOC 2 Type IIISO 27001GDPRHIPAA Ready

Home›CVE Pulse›CWE-770

CWE-770— Allocation of Resources Without Limits or Throttling

1,767 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-770page 13 of 36

CVE-2022-41932HIGHCVSS 7.5EG 7.5
2022-11-23
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login for…
CVE-2022-42311MEDIUMCVSS 6.5EG 7.5
2022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
CVE-2022-42312MEDIUMCVSS 6.5EG 6.5
2022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
CVE-2022-42313MEDIUMCVSS 6.5EG 6.5
2022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
CVE-2022-42314MEDIUMCVSS 6.5EG 6.5
2022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
CVE-2022-42315MEDIUMCVSS 6.5EG 6.5
2022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
CVE-2022-42316MEDIUMCVSS 6.5EG 6.5
2022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
CVE-2022-42317MEDIUMCVSS 6.5EG 6.5
2022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
CVE-2022-42318MEDIUMCVSS 6.5EG 6.5
2022-11-01
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amo…
CVE-2022-42333HIGHCVSS 8.6EG 8.6
2023-03-21
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through d…
CVE-2022-42334MEDIUMCVSS 6.5EG 6.5
2023-03-21
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through d…
CVE-2022-42531HIGHCVSS 7.8EG 7.8
2022-12-16
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
CVE-2022-43686MEDIUMCVSS 6.5EG 6.5
2022-11-14
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).
CVE-2022-43768HIGHCVSS 7.5EG 7.5
2023-04-11
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4…
CVE-2022-43945HIGHCVSS 7.5EG 7.5
2022-11-04
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC)…
CVE-2022-45434MEDIUMCVSS 5.9EG 5.9
2022-12-27
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an …
CVE-2022-45471LOWCVSS 3.5EG 7.5
2022-11-18
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
CVE-2022-46159MEDIUMCVSS 4.3EG 4.3
2022-12-02
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These to…
CVE-2022-46416CRITICALCVSS 9.1EG 9.1
2023-03-27
Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by gu…
CVE-2022-46485HIGHCVSS 7.5EG 7.5
2023-08-02
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".
CVE-2022-4723MEDIUMCVSS 6.5EG 6.5
2022-12-27
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5.
CVE-2022-47562HIGHCVSS 7.5EG 7.5
2023-09-20
Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.
CVE-2022-48064MEDIUMCVSS 5.5EG 5.5
2023-08-22
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-48357HIGHCVSS 7.5EG 7.5
2023-03-27
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.
CVE-2022-48440MEDIUMCVSS 5.5EG 5.5
2023-06-06
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48441MEDIUMCVSS 5.5EG 5.5
2023-06-06
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48498HIGHCVSS 7.5EG 7.5
2023-06-19
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-49035MEDIUMCVSS 5.5EG 5.5
2025-01-02
In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case.
CVE-2022-50695HIGHCVSS 7.5EG 9.8
2025-12-30
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dn…
CVE-2022-50799HIGHCVSS 7.5EG 7.5
2025-12-30
Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause…
CVE-2023-0121MEDIUMCVSS 6.5EG 6.5
2023-06-07
A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to…
CVE-2023-0382MEDIUMCVSS 6.5EG 6.5
2023-04-05
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.
CVE-2023-0383HIGHCVSS 7.5EG 7.5
2023-04-20
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.
CVE-2023-0568HIGHCVSS 7.5EG 9.8
2023-02-16
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after…
CVE-2023-0616MEDIUMCVSS 6.5EG 6.5
2023-06-02
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actio…
CVE-2023-0809MEDIUMCVSS 5.8EG 5.8
2023-10-02
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
CVE-2023-0921MEDIUMCVSS 4.3EG 4.3
2023-06-06
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedl…
CVE-2023-1544MEDIUMCVSS 6.0EG 5.5
2023-03-23
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, p…
CVE-2023-20033HIGHCVSS 8.6EG 8.6
2023-09-27
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) c…
CVE-2023-20047MEDIUMCVSS 6.5EG 6.5
2023-01-20
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected devic…
CVE-2023-20067HIGHCVSS 7.4EG 6.5
2023-03-23
A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. T…
CVE-2023-20108HIGHCVSS 7.5EG 7.5
2023-06-28
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco…
CVE-2023-20155HIGHCVSS 7.5EG 7.5
2023-11-01
A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also …
CVE-2023-20930MEDIUMCVSS 5.5EG 5.5
2023-05-15
In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interact…
CVE-2023-21110HIGHCVSS 7.8EG 7.8
2023-05-15
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction …
CVE-2023-21144HIGHCVSS 7.5EG 7.5
2023-06-15
In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interac…
CVE-2023-21176MEDIUMCVSS 4.4EG 4.4
2023-06-28
In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploit…
CVE-2023-22323HIGHCVSS 7.5EG 7.5
2023-02-01
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cau…
CVE-2023-22397MEDIUMCVSS 6.1EG 6.1
2023-01-13
An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has esta…
CVE-2023-22403HIGHCVSS 7.5EG 7.5
2023-01-13
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Ser…

← PreviousPage 13 of 36Next →

Map vulnerabilities like CWE-770 to your infrastructure

EchelonGraph correlates every CVE — across CWE-770 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →