Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-6307 1Openssl 1Openssl May 6, 2026 Sep 26, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted T...Show more The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.Show less
CVE-2016-6172 2Opensuse Powerdns 3Authoritative Server LeapOpensuse May 6, 2026 Sep 26, 2016 N/A· v4 6.8 MEDIUM· v3 7.1 HIGH· v2 PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
CVE-2016-5403 5Canonical DebianOracle+2 more 13Debian Linux Enterprise Linux DesktopEnterprise Linux Server+10 more May 6, 2026 Aug 2, 2016 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion...Show more The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.Show less
CVE-2016-4592 2Apple Webkitgtk 2Webkit Webkitgtk May 6, 2026 Jul 22, 2016 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.
CVE-2014-3672 2Redhat Xen 2Libvirt Xen May 6, 2026 May 25, 2016 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVE-2016-4037 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraQemu+1 more May 6, 2026 May 23, 2016 N/A· v4 6.0 MEDIUM· v3 4.9 MEDIUM· v2 The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siT...Show more The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.Show less
CVE-2016-1784 1Apple 3Iphone Os SafariTvos May 6, 2026 Mar 24, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web sit...Show more The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.Show less
CVE-2016-0747 5Apple CanonicalDebian+2 more 5Debian Linux LeapNginx+2 more May 6, 2026 Feb 15, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to...Show more The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.Show less
CVE-2015-1779 6Canonical DebianFedoraproject+3 more 11Debian Linux Enterprise Linux EusEnterprise Linux Server+8 more May 6, 2026 Jan 12, 2016 N/A· v4 8.6 HIGH· v3 7.8 HIGH· v2 The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-5600 1Openbsd 1Openssh May 27, 2026 Aug 3, 2015 N/A· v4 8.1 HIGH· v3 8.5 HIGH· v2 The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attac...Show more The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.Show less
CVE-2015-1916 1Ibm 1Java May 27, 2026 Jul 2, 2015 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.
CVE-2014-5418 1Ge 14Multilink Ml1200 Multilink Ml1200 FirmwareMultilink Ml1600+11 more May 6, 2026 Jan 17, 2015 N/A· v4 N/A· v3 7.8 HIGH· v2 GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service...Show more GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.Show less
CVE-2014-8124 4Fedoraproject OpenstackOpensuse+1 more 4Fedora HorizonOpensuse+1 more May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service...Show more OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.Show less
CVE-2014-7255 1Iij 4Seil B1 Firmware Seil X1 FirmwareSeil X2 Firmware+1 more May 6, 2026 Dec 5, 2014 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service...Show more Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent.Show less
CVE-2014-3407 1Cisco 1Adaptive Security Appliance Software May 6, 2026 Nov 28, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of...Show more The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.Show less
CVE-2014-8559 6Canonical LinuxNovell+3 more 11Evergreen LinuxLinux Enterprise Real Time Extension+8 more May 6, 2026 Nov 10, 2014 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafte...Show more The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.Show less
CVE-2014-3690 7Canonical DebianLinux+4 more 10Debian Linux Enterprise LinuxEvergreen+7 more May 6, 2026 Nov 10, 2014 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to ki...Show more arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.Show less
CVE-2014-3687 8Canonical DebianLinux+5 more 12Debian Linux Enterprise MrgEvergreen+9 more May 6, 2026 Nov 10, 2014 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks tha...Show more The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.Show less
CVE-2014-7970 3Canonical LinuxNovell 3Linux Kernel Suse Linux Enterprise ServerUbuntu Linux May 6, 2026 Oct 13, 2014 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree...Show more The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.Show less
CVE-2014-3328 1Cisco 1Unified Presence Server May 6, 2026 Jul 26, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.

Previous 1...150151152...155 Next