Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0118 3Apache DebianRedhat 3Debian Linux Http ServerJboss Enterprise Application Platform May 6, 2026 Jul 20, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resourc...Show more The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.Show less
CVE-2013-5567 1Cisco 1Adaptive Security Appliance Software May 6, 2026 Jul 14, 2014 N/A· v4 N/A· v3 5.4 MEDIUM· v2 Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (...Show more Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606.Show less
CVE-2014-2343 1Trianglemicroworks 1Scada Data Gateway May 6, 2026 May 30, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.
CVE-2014-2342 1Trianglemicroworks 1Scada Data Gateway May 6, 2026 May 30, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.
CVE-2014-3122 3Canonical DebianLinux 3Debian Linux Linux KernelUbuntu Linux May 6, 2026 May 11, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a...Show more The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.Show less
CVE-2014-1500 5Mozilla OpensuseOpensuse Project+2 more 8Firefox Linux Enterprise DesktopLinux Enterprise Server+5 more May 6, 2026 Mar 19, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution...Show more Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.Show less
CVE-2012-6638 1Linux 1Linux Kernel Apr 29, 2026 Feb 15, 2014 N/A· v4 N/A· v3 7.8 HIGH· v2 The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a differ...Show more The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663.Show less
CVE-2013-2128 1Linux 1Linux Kernel Apr 29, 2026 Jun 7, 2013 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system ca...Show more The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.Show less
CVE-2013-2763 1Schneider Electric 12Modicon M340 Bmx Noc 0401 Firmware Modicon M340 Bmx Noe 0100 FirmwareModicon M340 Bmx Noe 0100h Firmware+9 more Apr 29, 2026 Apr 4, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplic...Show more The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions.Show less
CVE-2010-5107 1Openbsd 1Openssh May 29, 2026 Mar 7, 2013 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connecti...Show more The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.Show less
CVE-2011-2491 2Linux Redhat 4Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+1 more Apr 29, 2026 Mar 1, 2013 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.
CVE-2012-0876 6Canonical DebianLibexpat Project+3 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more Apr 29, 2026 Jul 3, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU co...Show more The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.Show less
CVE-2012-0260 5Canonical DebianImagemagick+2 more 11Debian Linux Enterprise Linux AusEnterprise Linux Desktop+8 more Apr 29, 2026 Jun 5, 2012 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2011-2918 1Linux 1Linux Kernel Apr 29, 2026 May 24, 2012 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang)...Show more The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.Show less
CVE-2011-2906 1Linux 1Linux Kernel Apr 29, 2026 May 24, 2012 N/A· v4 5.5 MEDIUM· v3 4.7 MEDIUM· v2 Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) v...Show more Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor.Show less
CVE-2012-0879 4Canonical DebianLinux+1 more 6Debian Linux Linux Enterprise DesktopLinux Enterprise High Availability Extension+3 more Apr 29, 2026 May 17, 2012 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple proce...Show more The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.Show less
CVE-2012-0058 1Linux 1Linux Kernel Apr 29, 2026 May 17, 2012 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.
CVE-2012-0382 1Cisco 2Ios Ios Xe Apr 29, 2026 Mar 29, 2012 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG bef...Show more The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857.Show less
CVE-2011-3954 1Google 1Chrome Apr 29, 2026 Feb 9, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
CVE-2012-0024 1Maradns 1Maradns Apr 29, 2026 Jan 8, 2012 N/A· v4 N/A· v3 7.8 HIGH· v2 MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU c...Show more MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.Show less

Previous 1...151152153 154 155 Next