CWE-770— Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.— MITRE CWE catalog
1,933 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-770page 22 of 39
- CVE-2024-45669MEDIUMCVSS 6.5EG 6.52025-09-10
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to uncontrolled resource consumption.
- CVE-2024-45700MEDIUMCVSS 6.5EG 6.52025-04-02
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CP…
- CVE-2024-45797HIGHCVSS 7.5EG 7.52024-10-16
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly lea…
- CVE-2024-46666MEDIUMCVSS 5.3EG 5.32025-01-14
An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to pr…
- CVE-2024-46667HIGHCVSS 7.5EG 7.52025-01-14
A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all …
- CVE-2024-46668HIGHCVSS 7.5EG 7.52025-01-14
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenti…
- CVE-2024-46745MEDIUMCVSS 5.5EG 5.52024-09-18
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slo…
- CVE-2024-46921MEDIUMCVSS 6.5EG 6.52025-01-13
An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RR…
- CVE-2024-46933HIGHCVSS 7.7EG 7.72025-02-20
An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged acc…
- CVE-2024-47401MEDIUMCVSS 4.3EG 4.32024-10-29
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL resp…
- CVE-2024-47502HIGHCVSS 7.5EG 7.52024-10-11
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In specific cases the state of …
- CVE-2024-47505MEDIUMCVSS 6.5EG 6.52024-10-11
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denia…
- CVE-2024-47508MEDIUMCVSS 6.5EG 6.52024-10-11
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denia…
- CVE-2024-47509MEDIUMCVSS 6.5EG 6.52024-10-11
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denia…
- CVE-2024-47614HIGHCVSS 7.5EG 7.52024-10-03
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This…
- CVE-2024-4781MEDIUMCVSS 6.5EG 6.52024-08-16
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted.
- CVE-2024-4782MEDIUMCVSS 6.5EG 6.52024-08-16
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs.
- CVE-2024-47874HIGHCVSS 8.7EG 8.72024-10-15
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size l…
- CVE-2024-47967MEDIUMCVSS 4.4EG 4.42024-10-07
Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.
- CVE-2024-47969MEDIUMCVSS 6.2EG 6.22024-10-07
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.
- CVE-2024-48080HIGHCVSS 7.5EG 7.52024-12-03
An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. NOTE: the Supplier indicates that exploitation cannot occur because of the protection mechanism in the validateTopic function in lib/utils.…
- CVE-2024-48530HIGHCVSS 7.5EG 7.52024-11-20
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2024-48809HIGHCVSS 7.5EG 7.52024-11-04
An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function.
- CVE-2024-48843HIGHCVSS 7.7EG 7.72024-12-05
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- CVE-2024-48844HIGHCVSS 7.7EG 7.72024-12-05
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- CVE-2024-48989HIGHCVSS 7.5EG 7.52024-11-13
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.
- CVE-2024-49589MEDIUMCVSS 6.5EG 6.52025-02-18
Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size).
- CVE-2024-49735HIGHCVSS 7.8EG 7.82025-01-21
In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed …
- CVE-2024-49767HIGHCVSS 7.5EG 7.52024-10-25
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask appl…
- CVE-2024-50271MEDIUMCVSS 5.5EG 5.52024-11-19
In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforc…
- CVE-2024-50285MEDIUMCVSS 5.5EG 5.52024-11-19
In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cache”. I…
- CVE-2024-50311MEDIUMCVSS 6.5EG 6.52024-10-22
A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attac…
- CVE-2024-50955HIGHCVSS 7.5EG 7.52024-11-13
An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.
- CVE-2024-51428HIGHCVSS 7.5EG 7.52024-11-07
An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet.
- CVE-2024-51461MEDIUMCVSS 4.3EG 4.32025-04-11
IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.
- CVE-2024-51557MEDIUMCVSS 6.5EG 6.52024-11-04
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint wh…
- CVE-2024-5208MEDIUMCVSS 6.5EG 6.52024-06-19
An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending inval…
- CVE-2024-5209MEDIUMCVSS 6.5EG 6.52024-08-16
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted.
- CVE-2024-5210MEDIUMCVSS 6.5EG 6.52024-08-16
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted.
- CVE-2024-52581HIGHCVSS 7.5EG 7.52024-11-20
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the t…
- CVE-2024-52796MEDIUMCVSS 5.3EG 5.32024-11-20
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad …
- CVE-2024-52797MEDIUMCVSS 6.5EG 6.52024-11-21
Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previ…
- CVE-2024-52804HIGHCVSS 7.5EG 7.52024-11-22
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing mal…
- CVE-2024-52805HIGHCVSS 7.5EG 7.52024-12-03
Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be us…
- CVE-2024-52913MEDIUMCVSS 5.3EG 5.32024-11-18
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.
- CVE-2024-52914HIGHCVSS 7.5EG 7.52024-11-18
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
- CVE-2024-52915HIGHCVSS 7.5EG 7.52024-11-18
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
- CVE-2024-52916HIGHCVSS 7.5EG 7.52024-11-18
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
- CVE-2024-52917MEDIUMCVSS 6.5EG 6.52024-11-18
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
- CVE-2024-52918MEDIUMCVSS 6.5EG 6.52024-11-18
Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.
Map vulnerabilities like CWE-770 to your infrastructure
EchelonGraph correlates every CVE — across CWE-770 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →