Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-15882 1Londontrustmedia 1Private Internet Access May 13, 2026 Oct 26, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.
CVE-2017-7086 1Apple 4Iphone Os Mac Os XTvos+1 more May 13, 2026 Oct 23, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows r...Show more An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function.Show less
CVE-2017-12293 1Cisco 1Webex Meetings Server May 13, 2026 Oct 19, 2017 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connectio...Show more A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006.Show less
CVE-2014-7813 1Redhat 1Cloudforms 3.0 Management Engine May 13, 2026 Oct 18, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection...Show more Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.Show less
CVE-2017-15596 1Xen 1Xen May 13, 2026 Oct 18, 2017 N/A· v4 6.0 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.
CVE-2017-15595 1Xen 1Xen May 13, 2026 Oct 18, 2017 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table s...Show more An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.Show less
CVE-2014-9697 1Huawei 3Usg9520 Firmware Usg9560 FirmwareUsg9580 Firmware May 13, 2026 Oct 17, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website.
CVE-2016-8734 2Apache Debian 2Debian Linux Subversion May 13, 2026 Oct 16, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the t...Show more Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.Show less
CVE-2017-15298 2Canonical Git Scm 2Git Ubuntu Linux May 13, 2026 Oct 14, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consump...Show more Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.Show less
CVE-2017-10621 1Juniper 1Junos May 13, 2026 Oct 13, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X4...Show more A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5-S7, 15.1F6-S6, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D90; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R4-S1, 16.1R5; 16.2 prior to 16.2R1-S3, 16.2R2;Show less
CVE-2017-10614 1Juniper 1Junos May 13, 2026 Oct 13, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected r...Show more A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47.Show less
CVE-2017-10613 1Juniper 1Junos May 13, 2026 Oct 13, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the abilit...Show more A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue.Show less
CVE-2017-10608 1Juniper 1Junos May 13, 2026 Oct 13, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS...Show more Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure to the flowd daemon halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. This issues is not seen with to-host traffic. This issue has no relation with HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55 on SRX; 12.1X47 prior to 12.1X47-D45 on SRX; 12.3X48 prior to 12.3X48-D32, 12.3X48-D35 on SRX; 15.1X49 prior to 15.1X49-D60 on SRX.Show less
CVE-2017-15193 1Wireshark 1Wireshark May 13, 2026 Oct 10, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
CVE-2015-7384 1Nodejs 1Node.js May 13, 2026 Oct 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
CVE-2017-5637 2Apache Debian 2Debian Linux Zookeeper May 13, 2026 Oct 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooK...Show more Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.Show less
CVE-2017-14086 1Trendmicro 1Officescan May 13, 2026 Oct 6, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potentia...Show more Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.Show less
CVE-2017-15010 1Salesforce 1Tough Cookie May 13, 2026 Oct 4, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the applicati...Show more A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.Show less
CVE-2017-14988 1Openexr 1Openexr May 13, 2026 Oct 3, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmIm...Show more Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't validShow less
CVE-2015-3248 1Openhpi 1Openhpi May 13, 2026 Sep 26, 2017 N/A· v4 4.7 MEDIUM· v3 4.7 MEDIUM· v2 openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause...Show more openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).Show less

Previous 1...144145146...155 Next