Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-9367 1Moxa 10Nport 5100 Series Firmware Nport 5100a Series FirmwareNport 5200 Series Firmware+7 more Jun 2, 2026 Feb 13, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series version...Show more An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion.Show less
CVE-2016-8374 1Schneider Electric 8Magelis Gto Advanced Optimum Panel Firmware Magelis Gtu Universal Panel FirmwareMagelis Sto5 Small Panel Firmware+5 more May 13, 2026 Feb 13, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Ad...Show more An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.Show less
CVE-2016-8367 1Schneider Electric 8Magelis Gto Advanced Optimum Panel Firmware Magelis Gtu Universal Panel FirmwareMagelis Sto5 Small Panel Firmware+5 more May 13, 2026 Feb 13, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Ad...Show more An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.Show less
CVE-2016-6171 1Knot Dns 1Knot Dns May 13, 2026 Feb 9, 2017 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.
CVE-2016-4571 2Debian Mini Xml Project 2Debian Linux Mini Xml May 13, 2026 Feb 3, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVE-2016-4570 2Debian Mini Xml Project 2Debian Linux Mini Xml May 13, 2026 Feb 3, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVE-2016-9039 1Joyent 1Smartos May 13, 2026 Jan 31, 2017 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a bu...Show more An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service.Show less
CVE-2015-7978 1Ntp 1Ntp May 13, 2026 Jan 30, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
CVE-2016-4055 3Momentjs OracleTenable 3Moment NessusPrimavera Unifier May 13, 2026 Jan 23, 2017 N/A· v4 6.5 MEDIUM· v3 7.8 HIGH· v2 The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
CVE-2017-5544 1Fiberhome 1Fengine S5800 Firmware May 13, 2026 Jan 23, 2017 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger a...Show more An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.Show less
CVE-2016-9310 1Ntp 1Ntp May 13, 2026 Jan 13, 2017 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVE-2016-7428 1Ntp 1Ntp May 13, 2026 Jan 13, 2017 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
CVE-2016-7427 1Ntp 1Ntp May 13, 2026 Jan 13, 2017 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
CVE-2016-7426 4Canonical HpeNtp+1 more 9Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+6 more May 13, 2026 Jan 13, 2017 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sou...Show more NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.Show less
CVE-2017-5351 1Samsung 1Samsung Mobile May 6, 2026 Jan 12, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.
CVE-2016-6831 1Call Cc 1Chicken May 6, 2026 Jan 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial o...Show more The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).Show less
CVE-2016-9685 1Linux 1Linux Kernel May 6, 2026 Dec 28, 2016 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
CVE-2016-6213 1Linux 1Linux Kernel May 6, 2026 Dec 28, 2016 N/A· v4 4.7 MEDIUM· v3 4.7 MEDIUM· v2 fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount sy...Show more fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.Show less
CVE-2016-8858 1Openbsd 1Openssh May 29, 2026 Dec 9, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party report...Show more The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."Show less
CVE-2016-8666 1Linux 1Linux Kernel May 6, 2026 Oct 16, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with...Show more The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.Show less

Previous 1...149150151...155 Next