Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-5648 1Ubuntu 1Ubuntu Linux Apr 23, 2026 Dec 14, 2006 N/A· v4 5.5 MEDIUM· v3 4.6 MEDIUM· v2 Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be...Show more Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.Show less
CVE-2006-6025 1Qualcomm 1Eudora Worldmail Apr 23, 2026 Nov 21, 2006 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained so...Show more QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Show less
CVE-2006-6017 1Wordpress 1Wordpress Apr 23, 2026 Nov 21, 2006 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string th...Show more WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.Show less
CVE-2006-5708 1Alt N 1Mdaemon Apr 23, 2026 Nov 4, 2006 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leak...Show more Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.Show less
CVE-2006-1364 1Microsoft 1Asp.net Apr 16, 2026 Mar 23, 2006 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption...Show more Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.Show less
CVE-2005-2309 1Opera 1Opera Browser Apr 16, 2026 Jul 19, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg.
CVE-2005-1260 4Apple BzipCanonical+1 more 4Bzip2 Debian LinuxMac Os X+1 more Apr 16, 2026 May 19, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVE-2005-0738 1Microsoft 1Exchange Server Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Informa...Show more Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.Show less
CVE-2004-1201 1Opera 1Opera Browser Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created a...Show more Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.Show less
CVE-2004-1464 1Cisco 1Ios Apr 16, 2026 Dec 31, 2004 N/A· v4 5.9 MEDIUM· v3 5.0 MEDIUM· v2 Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
CVE-2003-0714 1Microsoft 1Exchange Server Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb r...Show more The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.Show less
CVE-2002-1876 1Microsoft 1Exchange Server Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 2.1 LOW· v2 Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
CVE-2002-1873 1Microsoft 1Exchange Server Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
CVE-2002-0368 1Microsoft 1Exchange Server Apr 16, 2026 Jun 18, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Excha...Show more The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."Show less
CVE-2001-0827 1Grant Averett 1Ceberus Ftp Server Apr 16, 2026 Dec 6, 2001 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.
CVE-2001-0666 1Microsoft 1Exchange Server Apr 16, 2026 Oct 30, 2001 N/A· v4 N/A· v3 2.1 LOW· v2 Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
CVE-1999-0159 1Cisco 1Ios Apr 16, 2026 Aug 12, 1998 N/A· v4 3.5 LOW· v3 5.0 MEDIUM· v2 Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.

Previous 1...151 152 153 154155