Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-5364 1Microsoft 4Windows 7 Windows Server 2003Windows Vista+1 more Nov 21, 2024 Feb 20, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
CVE-2012-5363 2Freebsd Netbsd 2Freebsd Netbsd Nov 21, 2024 Feb 20, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability...Show more The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.Show less
CVE-2012-5362 1Microsoft 4Windows 7 Windows Server 2003Windows Vista+1 more Nov 21, 2024 Feb 20, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.
CVE-2020-3132 1Cisco 2Cloud Email Security Email Security Appliance Nov 21, 2024 Feb 19, 2020 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condit...Show more A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur.Show less
CVE-2020-8992 4Canonical LinuxNetapp+1 more 10Active Iq Unified Manager Cloud BackupData Availability Services+7 more Nov 21, 2024 Feb 14, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
CVE-2020-3741 1Adobe 1Experience Manager Nov 21, 2024 Feb 13, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service.
CVE-2013-4602 1Avira 10Antivir Mailgate Antivir Mailgate SuiteAntivir Personal+7 more Nov 21, 2024 Feb 12, 2020 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.
CVE-2011-3336 4Apple FreebsdOpenbsd+1 more 4Freebsd Mac Os XOpenbsd+1 more Nov 21, 2024 Feb 12, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
CVE-2012-0810 1Linux 1Linux Kernel Nov 21, 2024 Feb 12, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock con...Show more The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.Show less
CVE-2019-13946 1Siemens 52Dk Standard Ethernet Controller Ek Ertec 200 FirmwareEk Ertec 200p Firmware+49 more Nov 21, 2024 Feb 11, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of ser...Show more Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.Show less
CVE-2019-13940 1Siemens 24S7 1200 Cpu 1211c Firmware S7 1200 Cpu 1212c FirmwareS7 1200 Cpu 1212fc Firmware+21 more Nov 21, 2024 Feb 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3...Show more A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.Show less
CVE-2019-13926 1Siemens 4Scalance S602 Firmware Scalance S612 FirmwareScalance S623 Firmware+1 more Nov 21, 2024 Feb 11, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >=...Show more A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device.Show less
CVE-2019-13925 1Siemens 4Scalance S602 Firmware Scalance S612 FirmwareScalance S623 Firmware+1 more Nov 21, 2024 Feb 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >=...Show more A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server.Show less
CVE-2020-1700 4Canonical CephOpensuse+1 more 4Ceph LeapOpenshift Container Storage+1 more Nov 21, 2024 Feb 7, 2020 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket conn...Show more A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.Show less
CVE-2016-1544 2Fedoraproject Nghttp2 2Fedora Nghttp2 Nov 21, 2024 Feb 6, 2020 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
CVE-2020-8123 1Strapi 1Strapi Nov 21, 2024 Feb 4, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
CVE-2019-9674 3Canonical NetappPython 3Active Iq Unified Manager PythonUbuntu Linux Dec 31, 2025 Feb 4, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
CVE-2020-5236 1Agendaless 1Waitress Nov 21, 2024 Feb 4, 2020 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine t...Show more Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible.Show less
CVE-2019-20446 6Canonical DebianFedoraproject+3 more 6Active Iq Unified Manager Debian LinuxFedora+3 more Nov 21, 2024 Feb 2, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of fina...Show more In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.Show less
CVE-2020-8492 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Jan 30, 2020 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of...Show more Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.Show less

Previous 1...122123124...155 Next