Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15100 1Schokokeks 1Freewvs Nov 21, 2024 Jul 14, 2020 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.
CVE-2020-7587 1Siemens 13Opcenter Execution Discrete Opcenter Execution FoundationOpcenter Execution Process+10 more Nov 21, 2024 Jul 14, 2020 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All...Show more A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.Show less
CVE-2020-7584 1Siemens 2Simatic S7 200 Smart Sr Cpu Firmware Simatic S7 200 Smart St Cpu Firmware Nov 21, 2024 Jul 14, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incomming connections and could crash under certain cir...Show more A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incomming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation.Show less
CVE-2020-10745 4Debian FedoraprojectOpensuse+1 more 4Debian Linux FedoraLeap+1 more Nov 21, 2024 Jul 7, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive...Show more A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability.Show less
CVE-2020-15565 4Debian FedoraprojectOpensuse+1 more 4Debian Linux FedoraLeap+1 more Nov 21, 2024 Jul 7, 2020 N/A· v4 8.8 HIGH· v3 6.1 MEDIUM· v2 An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables...Show more An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.Show less
CVE-2020-8185 2Fedoraproject Rubyonrails 2Fedora Rails Nov 21, 2024 Jul 2, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
CVE-2020-8663 1Envoyproxy 1Envoy Nov 21, 2024 Jul 1, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
CVE-2020-12603 1Envoyproxy 1Envoy Nov 21, 2024 Jul 1, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
CVE-2020-5603 1Mitsubishielectric 20Cpu Module Logging Configuration Tool Cw ConfiguratorEm Configurator+17 more Nov 21, 2024 Jun 30, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Developm...Show more Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.Show less
CVE-2020-9611 1Adobe 2Acrobat Dc Acrobat Reader Dc Nov 21, 2024 Jun 25, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could le...Show more Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.Show less
CVE-2015-9548 1Mattermost 1Mattermost Server Nov 21, 2024 Jun 19, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
CVE-2018-21250 1Mattermost 1Mattermost Server Nov 21, 2024 Jun 19, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.
CVE-2019-20858 1Mattermost 1Mattermost Server Nov 21, 2024 Jun 19, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
CVE-2017-9104 3Fedoraproject GnuOpensuse 3Adns FedoraLeap Nov 21, 2024 Jun 18, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.
CVE-2020-7507 1Schneider Electric 1Easergy T300 Firmware Nov 21, 2024 Jun 16, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.
CVE-2020-14152 2Debian Ijg 2Debian Linux Libjpeg Nov 21, 2024 Jun 15, 2020 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
CVE-2018-16848 1Redhat 1Openstack Mistral Nov 21, 2024 Jun 15, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exha...Show more A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.Show less
CVE-2020-0173 1Google 1Android Nov 21, 2024 Jun 11, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Parse_lins of eas_mdls.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed...Show more In Parse_lins of eas_mdls.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313764Show less
CVE-2020-11090 1Linuxfoundation 1Indy Node Nov 21, 2024 Jun 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a...Show more In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.Show less
CVE-2020-13238 1Mitsubishielectric 21Melsec Iq R00cpu Firmware Melsec Iq R01cpu FirmwareMelsec Iq R02cpu Firmware+18 more Nov 21, 2024 Jun 10, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive C...Show more Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.Show less

Previous 1...118119120...155 Next