CWE-400
Uncontrolled Resource Consumption
Description
The product does not properly control the allocation and maintenance of a limited resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-147 · CAPEC-227 · CAPEC-492
CVEs mapped to this weakness (1,853)
page 17 of 93| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7086 | Hig | 0.49 | 7.5 | 0.02 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource… | ||
| CVE-2014-9697 | Hig | 0.49 | 7.5 | 0.01 | Oct 17, 2017 | Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. | ||
| CVE-2017-10608 | Hig | 0.49 | 7.5 | 0.01 | Oct 13, 2017 | Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service… | ||
| CVE-2017-15193 | Hig | 0.49 | 7.5 | 0.03 | Oct 10, 2017 | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. | ||
| CVE-2015-7384 | Hig | 0.49 | 7.5 | 0.08 | Oct 10, 2017 | Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | ||
| CVE-2017-14616 | Hig | 0.49 | 7.5 | 0.02 | Sep 20, 2017 | An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing… | ||
| CVE-2013-7428 | Hig | 0.49 | 7.5 | 0.02 | Sep 7, 2017 | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php. | ||
| CVE-2017-14158 | Hig | 0.49 | 7.5 | 0.02 | Sep 5, 2017 | Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource,… | ||
| CVE-2017-14137 | Hig | 0.49 | 7.5 | 0.01 | Sep 4, 2017 | ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. | ||
| CVE-2015-1417 | Hig | 0.49 | 7.5 | 0.03 | Jul 25, 2017 | The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote… | ||
| CVE-2017-11521 | Hig | 0.49 | 7.5 | 0.02 | Jul 22, 2017 | The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. | ||
| CVE-2017-7063 | Hig | 0.49 | 7.5 | 0.03 | Jul 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash). | ||
| CVE-2017-7007 | Hig | 0.49 | 7.5 | 0.02 | Jul 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash). | ||
| CVE-2017-7684 | Hig | 0.49 | 7.5 | 0.03 | Jul 17, 2017 | Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server. | ||
| CVE-2017-2348 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other… | ||
| CVE-2017-1000064 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS | ||
| CVE-2017-9845 | Hig | 0.49 | 7.5 | 0.03 | Jul 12, 2017 | disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. | ||
| CVE-2017-11142 | Hig | 0.49 | 7.5 | 0.08 | Jul 10, 2017 | In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. | ||
| CVE-2017-10922 | Hig | 0.49 | 7.5 | 0.02 | Jul 5, 2017 | The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. | ||
| CVE-2017-6017 | Hig | 0.49 | 7.5 | 0.05 | Jun 30, 2017 | A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A… |
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource…
- risk 0.49cvss 7.5epss 0.01
Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website.
- risk 0.49cvss 7.5epss 0.01
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service…
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
- risk 0.49cvss 7.5epss 0.08
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
- risk 0.49cvss 7.5epss 0.02
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing…
- risk 0.49cvss 7.5epss 0.02
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.
- risk 0.49cvss 7.5epss 0.02
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource,…
- risk 0.49cvss 7.5epss 0.01
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
- risk 0.49cvss 7.5epss 0.03
The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote…
- risk 0.49cvss 7.5epss 0.02
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.
- risk 0.49cvss 7.5epss 0.03
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).
- risk 0.49cvss 7.5epss 0.03
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
- risk 0.49cvss 7.5epss 0.01
The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other…
- risk 0.49cvss 7.5epss 0.01
kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS
- risk 0.49cvss 7.5epss 0.03
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
- risk 0.49cvss 7.5epss 0.08
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
- risk 0.49cvss 7.5epss 0.02
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
- risk 0.49cvss 7.5epss 0.05
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A…