Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,099)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-12296 1Intel 13Dsl5320 Thunderbolt 2 Firmware Dsl5520 Thunderbolt 2 FirmwareDsl6340 Thunderbolt 3 Firmware+10 more Nov 21, 2024 Jun 9, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-12291 1Intel 13Dsl5320 Thunderbolt 2 Firmware Dsl5520 Thunderbolt 2 FirmwareDsl6340 Thunderbolt 3 Firmware+10 more Nov 21, 2024 Jun 9, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2021-23852 1Bosch 5Cpp13 Firmware Cpp4 FirmwareCpp6 Firmware+2 more Nov 21, 2024 Jun 9, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).
CVE-2021-31340 1Siemens 25Simatic Reader Rf610r Cmiit Firmware Simatic Reader Rf610r Etsi FirmwareSimatic Reader Rf610r Fcc Firmware+22 more Nov 21, 2024 Jun 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All version...Show more A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.Show less
CVE-2021-22216 1Gitlab 1Gitlab Nov 21, 2024 Jun 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description
CVE-2021-26945 1Openexr 1Openexr Nov 21, 2024 Jun 8, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
CVE-2021-26260 3Debian FedoraprojectOpenexr 3Debian Linux FedoraOpenexr Nov 21, 2024 Jun 8, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different...Show more An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.Show less
CVE-2021-23215 3Debian FedoraprojectOpenexr 3Debian Linux FedoraOpenexr Nov 21, 2024 Jun 8, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
CVE-2021-22116 2Debian Vmware 2Debian Linux Rabbitmq Nov 21, 2024 Jun 8, 2021 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending mali...Show more RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.Show less
CVE-2020-1750 1Redhat 1Machine Config Operator Nov 21, 2024 Jun 7, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to schedule new pods...Show more A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to schedule new pods in the OpenShift cluster. This was fixed in openshift/machine-config-operator 4.4.3, openshift/machine-config-operator 4.3.25, openshift/machine-config-operator 4.2.36.Show less
CVE-2021-1564 1Cisco 2Video Surveillance 7070 Firmware Video Surveillance 7530pd Firmware Nov 21, 2024 Jun 4, 2021 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacke...Show more Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Show less
CVE-2021-1563 1Cisco 2Video Surveillance 7070 Firmware Video Surveillance 7530pd Firmware Nov 21, 2024 Jun 4, 2021 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacke...Show more Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Show less
CVE-2020-28469 2Gulpjs Oracle 2Communications Cloud Native Core Policy Glob Parent Nov 21, 2024 Jun 3, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CVE-2020-35510 1Redhat 1Jboss Remoting Nov 21, 2024 Jun 2, 2021 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected me...Show more A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.Show less
CVE-2020-14340 2Oracle Redhat 14Communications Cloud Native Core Console Communications Cloud Native Core Network Repository FunctionCommunications Cloud Native Core Policy+11 more Nov 21, 2024 Jun 2, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affec...Show more A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.Show less
CVE-2020-14326 2Netapp Redhat 3Integration Camel K Oncommand InsightResteasy Nov 21, 2024 Jun 2, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows...Show more A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.Show less
CVE-2021-32657 1Nextcloud 1Nextcloud Server Nov 21, 2024 Jun 1, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would dis...Show more Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The vulnerability is fixed in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, administrators can use the OCC command line tool to administrate the Nextcloud users.Show less
CVE-2021-33623 3Debian NetappTrim Newlines Project 3Debian Linux E Series Performance AnalyzerTrim Newlines Nov 21, 2024 May 28, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
CVE-2021-20237 1Zeromq 1Libzmq Nov 21, 2024 May 28, 2021 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive...Show more An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.Show less
CVE-2021-20201 2Redhat Spice Project 2Enterprise Linux Spice Nov 21, 2024 May 28, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

Previous 1...106107108...155 Next