Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-17189 7Apache CanonicalDebian+4 more 12Debian Linux Enterprise Manager Ops CenterFedora+9 more Nov 21, 2024 Jan 30, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. Thi...Show more In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.Show less
CVE-2019-6986 1Duraspace 1Vitro Nov 21, 2024 Jan 28, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20reg...Show more SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.Show less
CVE-2019-1644 1Cisco 1Iot Field Network Director Nov 21, 2024 Jan 23, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condit...Show more A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition.Show less
CVE-2017-3144 4Canonical DebianIsc+1 more 9Debian Linux DhcpEnterprise Linux Desktop+6 more Nov 21, 2024 Jan 16, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4...Show more A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.Show less
CVE-2017-3140 2Isc Netapp 4Bind Data Ontap EdgeElement Software+1 more Nov 21, 2024 Jan 16, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9....Show more If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.Show less
CVE-2019-3554 1Facebook 1Wangle Nov 21, 2024 Jan 15, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle pr...Show more Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00Show less
CVE-2018-20699 2Docker Redhat 2Engine Enterprise Linux Server Nov 21, 2024 Jan 12, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.g...Show more Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.Show less
CVE-2018-15464 1Cisco 1Asr 900 Series Software Nov 21, 2024 Jan 11, 2019 N/A· v4 5.8 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability...Show more A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition.Show less
CVE-2018-6347 1Proxygen Project 1Proxygen May 6, 2025 Dec 31, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.
CVE-2018-6346 1Proxygen Project 1Proxygen May 6, 2025 Dec 31, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.
CVE-2018-6335 1Facebook 1Hhvm May 6, 2025 Dec 31, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and belo...Show more A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.Show less
CVE-2018-20543 1Libxsmm Project 1Libxsmm Nov 21, 2024 Dec 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service.
CVE-2018-20502 1Axiosys 1Bento4 Nov 21, 2024 Dec 26, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp.
CVE-2018-19871 2Opensuse Qt 2Leap Qt Nov 21, 2024 Dec 26, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVE-2018-18960 1Epson 1Epson Workforce Wf 2861 Firmware Nov 21, 2024 Dec 24, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification atta...Show more An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.Show less
CVE-2017-9732 1Secure Endpoints 1Kerberised Netcat Nov 21, 2024 Dec 20, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running...Show more The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host.Show less
CVE-2018-1000872 1Pykmip Project 1Pykmip Nov 21, 2024 Dec 20, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable...Show more OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0.Show less
CVE-2018-20186 1Axiosys 1Bento4 Nov 21, 2024 Dec 17, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::Rea...Show more An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.Show less
CVE-2018-20169 3Canonical DebianLinux 3Debian Linux Linux KernelUbuntu Linux Nov 21, 2024 Dec 17, 2018 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVE-2018-6707 1Mcafee 1Agent Nov 21, 2024 Dec 14, 2018 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthor...Show more Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism.Show less

Previous 1...132133134...155 Next