Vulnerabilities > Allocation of Resources Without Limits or Throttling

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-3555 Allocation of Resources Without Limits or Throttling vulnerability in Oracle Ireceivables
Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: Self Registration).
network
low complexity
oracle CWE-770
7.5
2017-04-19 CVE-2017-7963 Allocation of Resources Without Limits or Throttling vulnerability in PHP
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings.
network
low complexity
php CWE-770
7.5
2017-04-14 CVE-2017-7696 Allocation of Resources Without Limits or Throttling vulnerability in SAP SSO Authentication Library 2.0/3.0
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.
network
low complexity
sap CWE-770
7.5
2017-03-27 CVE-2017-5850 Allocation of Resources Without Limits or Throttling vulnerability in Openbsd 6.0
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
network
low complexity
openbsd CWE-770
7.5
2017-03-03 CVE-2017-5835 Allocation of Resources Without Limits or Throttling vulnerability in Libimobiledevice Libplist
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
network
low complexity
libimobiledevice CWE-770
7.5
2016-11-04 CVE-2016-8576 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
local
low complexity
qemu opensuse redhat debian CWE-770
6.0
2016-05-06 CVE-2016-4074 Allocation of Resources Without Limits or Throttling vulnerability in JQ Project JQ 1.5
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file.
network
low complexity
jq-project CWE-770
7.5