Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,098)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-7580 1Philips 1Hue Firmware Nov 21, 2024 Dec 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. Du...Show more Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.Show less
CVE-2020-5682 1Weseek 1Growi Nov 21, 2024 Dec 16, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior...Show more Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors.Show less
CVE-2020-26264 1Ethereum 1Go Ethereum Nov 21, 2024 Dec 11, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a...Show more Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.Show less
CVE-2020-26409 1Gitlab 1Gitlab Nov 21, 2024 Dec 11, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.
CVE-2020-12516 1Wago 10750 331 Firmware 750 352 Firmware750 829 Firmware+7 more Nov 21, 2024 Dec 10, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
CVE-2020-26257 2Fedoraproject Matrix 2Fedora Synapse Nov 21, 2024 Dec 9, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by...Show more Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack. Issue is fixed in version 1.23.1. As a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`).Show less
CVE-2020-26256 1C2fo 1Fast Csv Nov 21, 2024 Dec 8, 2020 N/A· v4 6.5 MEDIUM· v3 3.5 LOW· v2 Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when u...Show more Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched in `v4.3.6` You will only be affected by this if you use the `ignoreEmpty` parsing option. If you do use this option it is recommended that you upgrade to the latest version `v4.3.6` This vulnerability was found using a CodeQL query which identified `EMPTY_ROW_REGEXP` regular expression as vulnerable.Show less
CVE-2020-25630 1Moodle 1Moodle Nov 21, 2024 Dec 8, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to...Show more A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.Show less
CVE-2020-12524 1Phoenixcontact 3Btp 2043w Firmware Btp 2070w FirmwareBtp 2102w Firmware Nov 21, 2024 Dec 2, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Serv...Show more Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).Show less
CVE-2020-5423 1Cloudfoundry 2Capi Release Cf Deployment Nov 21, 2024 Dec 2, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML p...Show more CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.Show less
CVE-2020-27813 2Debian Gorillatoolkit 2Debian Linux Websocket Nov 21, 2024 Dec 2, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket c...Show more An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.Show less
CVE-2020-16850 1Mitsubishielectric 19R00cpu Firmware R01cpu FirmwareR02cpu Firmware+16 more Nov 21, 2024 Nov 30, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Vali...Show more Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.Show less
CVE-2020-10772 1Nlnetlabs 1Unbound Nov 21, 2024 Nov 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of q...Show more An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.Show less
CVE-2020-7779 1Djvalidator Project 1Djvalidator Nov 21, 2024 Nov 26, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@---------------------------------------------------------------------...Show more All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.Show less
CVE-2020-14190 1Atlassian 2Crucible Fisheye Nov 21, 2024 Nov 25, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
CVE-2020-5668 1Mitsubishielectric 28R00cpu Firmware R01cpu FirmwareR02cpu Firmware+25 more Nov 21, 2024 Nov 20, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware vers...Show more Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packetShow less
CVE-2020-8277 4C Ares Project FedoraprojectNodejs+1 more 8Blockchain Platform C AresFedora+5 more Nov 21, 2024 Nov 19, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a D...Show more A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.Show less
CVE-2020-13349 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected...Show more An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.Show less
CVE-2020-13354 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high C...Show more A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.Show less
CVE-2020-5666 1Mitsubishielectric 8Melsec Iq R00 Firmware Melsec Iq R01 FirmwareMelsec Iq R02 Firmware+5 more Nov 21, 2024 Nov 16, 2020 N/A· v4 7.5 HIGH· v3 7.1 HIGH· v2 Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacke...Show more Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.Show less

Previous 1...113114115...155 Next