Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-3651 1Keycloak 1Keycloak May 13, 2026 Dec 29, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVE-2017-12741 1Siemens 38Dk Standard Ethernet Controller Firmware Ek Ertec 200p FirmwareEk Ertec 200pn Io Firmware+35 more May 13, 2026 Dec 26, 2017 8.7 HIGH· v4 7.5 HIGH· v3 7.8 HIGH· v2 Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.
CVE-2017-17682 3Canonical DebianImagemagick 3Debian Linux ImagemagickUbuntu Linux May 13, 2026 Dec 14, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that...Show more In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.Show less
CVE-2017-15529 1Symantec 1Norton Family May 13, 2026 Dec 13, 2017 N/A· v4 6.2 MEDIUM· v3 2.1 LOW· v2 Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its i...Show more Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.Show less
CVE-2017-4920 1Vmware 1Nsx V Edge May 13, 2026 Dec 5, 2017 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue result...Show more The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.Show less
CVE-2017-17051 1Openstack 1Nova May 13, 2026 Dec 5, 2017 N/A· v4 8.6 HIGH· v3 4.0 MEDIUM· v2 An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to...Show more An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.Show less
CVE-2017-15701 1Apache 1Qpid Broker J May 13, 2026 Dec 1, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to e...Show more In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.Show less
CVE-2017-2734 1Huawei 1P9 Plus Firmware May 13, 2026 Nov 22, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the appli...Show more P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion.Show less
CVE-2017-2690 1Huawei 7Espace U1910 Firmware Espace U1911 FirmwareEspace U1930 Firmware+4 more May 13, 2026 Nov 22, 2017 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960...Show more SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960 with software V200R003C20, V200R003C30,eSpace U1980 with software V200R003C20, V200R003C30,eSpace U1981 with software V200R003C20 and V200R003C30 have an denial of service (DoS) vulnerability, which allow an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition.Show less
CVE-2017-12190 1Linux 1Linux Kernel May 13, 2026 Nov 22, 2017 N/A· v4 6.5 MEDIUM· v3 4.9 MEDIUM· v2 The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc...Show more The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.Show less
CVE-2017-1000191 1Jool 1Jool May 13, 2026 Nov 17, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.
CVE-2017-14028 1Moxa 3Nport 5110 Firmware Nport 5130 FirmwareNport 5150 Firmware May 13, 2026 Nov 16, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. A...Show more A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.Show less
CVE-2017-12318 1Cisco 1Rf Gateway 1 Firmware May 13, 2026 Nov 16, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) s...Show more A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887.Show less
CVE-2016-8610 7Debian FujitsuNetapp+4 more 45Adaptive Access Manager Application Testing SuiteClustered Data Ontap+42 more May 13, 2026 Nov 13, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use t...Show more A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.Show less
CVE-2017-7132 1Apple 1Mac Os X May 13, 2026 Nov 13, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memor...Show more An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.Show less
CVE-2017-13825 1Apple 1Mac Os X May 13, 2026 Nov 13, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory...Show more An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file.Show less
CVE-2017-14360 1Hp 1Content Manager May 13, 2026 Nov 8, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).
CVE-2017-2889 1Meetcircle 1Circle With Disney Firmware May 13, 2026 Nov 7, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the...Show more An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability.Show less
CVE-2017-2884 1Meetcircle 1Circle With Disney Firmware May 13, 2026 Nov 7, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, res...Show more An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability.Show less
CVE-2017-6161 1F5 11Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Application Acceleration Manager+8 more May 13, 2026 Oct 27, 2017 N/A· v4 5.3 MEDIUM· v3 2.9 LOW· v2 In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, att...Show more In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.Show less

Previous 1...143144145...155 Next