Vulnerabilities > Resource Management Errors
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-05 | CVE-2016-8740 | Resource Management Errors vulnerability in Apache Http Server The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | 7.5 |
| 2016-11-28 | CVE-2016-9191 | Resource Management Errors vulnerability in Linux Kernel The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. | 5.5 |
| 2016-11-28 | CVE-2016-8650 | Resource Management Errors vulnerability in Linux Kernel The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | 5.5 |
| 2016-11-22 | CVE-2015-8978 | Resource Management Errors vulnerability in Soap::Lite Project Soap::Lite In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. | 7.5 |
| 2016-11-19 | CVE-2016-6466 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. | 7.5 |
| 2016-11-17 | CVE-2016-9376 | Resource Management Errors vulnerability in multiple products In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. | 5.9 |
| 2016-11-17 | CVE-2016-9375 | Resource Management Errors vulnerability in multiple products In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. | 5.9 |
| 2016-11-17 | CVE-2016-9374 | Resource Management Errors vulnerability in multiple products In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. | 5.9 |
| 2016-11-17 | CVE-2016-9372 | Resource Management Errors vulnerability in Wireshark 2.2.0/2.2.1 In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. | 5.9 |
| 2016-11-03 | CVE-2016-6455 | Resource Management Errors vulnerability in Cisco ASR 5000 Software A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. | 7.5 |