Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-3505 1Cisco 88000p Ip Camera Firmware 8020 Ip Camera Firmware8030 Ip Camera Firmware+5 more Nov 21, 2024 Aug 26, 2020 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) c...Show more A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Show less
CVE-2020-14522 1Softing 1Opc Nov 21, 2024 Aug 25, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service co...Show more Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.Show less
CVE-2020-3976 1Vmware 3Cloud Foundation EsxiVcenter Server Nov 21, 2024 Aug 21, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a ma...Show more VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.Show less
CVE-2020-9703 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Aug 19, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to applic...Show more Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.Show less
CVE-2020-9702 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Aug 19, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to applic...Show more Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.Show less
CVE-2020-13281 1Gitlab 1Gitlab Nov 21, 2024 Aug 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
CVE-2020-13280 1Gitlab 1Gitlab Nov 21, 2024 Aug 13, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
CVE-2020-8229 1Nextcloud 1Desktop Nov 21, 2024 Aug 10, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
CVE-2020-15114 2Fedoraproject Redhat 2Etcd Fedora Nov 21, 2024 Aug 6, 2020 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a...Show more In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.Show less
CVE-2020-11937 1Canonical 1Whoopsie Nov 21, 2024 Aug 6, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu...Show more In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.Show less
CVE-2020-12739 1Fanuc 16Power Motion I Model A Firmware Series 0i Mate D FirmwareSeries 0i Model B Firmware+13 more Nov 21, 2024 Aug 3, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.
CVE-2020-8220 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Jul 30, 2020 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
CVE-2020-8192 1Fastify 1Fastify Nov 21, 2024 Jul 30, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
CVE-2020-7016 2Elasticsearch Oracle 4Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native EnvironmentKibana+1 more Nov 21, 2024 Jul 27, 2020 N/A· v4 4.8 MEDIUM· v3 2.1 LOW· v2 Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU...Show more Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.Show less
CVE-2020-8175 1Jpeg Js Project 1Jpeg Js Nov 21, 2024 Jul 24, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image.
CVE-2020-14297 1Redhat 6Amq Jboss Ejb ClientJboss Enterprise Application Platform Continuous Delivery+3 more Nov 21, 2024 Jul 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavaila...Show more A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.Show less
CVE-2020-8557 1Kubernetes 1Kubernetes Nov 21, 2024 Jul 23, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is...Show more The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.Show less
CVE-2020-3372 1Cisco 1Sd Wan Firmware Nov 21, 2024 Jul 16, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an...Show more A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition.Show less
CVE-2020-3351 1Cisco 3Sd Wan Firmware Vedge Cloud RouterVsmart Controller Nov 21, 2024 Jul 16, 2020 N/A· v4 8.6 HIGH· v3 7.8 HIGH· v2 A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN pe...Show more A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.Show less
CVE-2020-15101 1Schokokeks 1Freewvs Nov 21, 2024 Jul 14, 2020 N/A· v4 3.3 LOW· v3 4.0 MEDIUM· v2 In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator sca...Show more In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1.Show less

Previous 1...117118119...155 Next