Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2017-03-22 CVE-2017-3856 Resource Exhaustion vulnerability in Cisco IOS XE
A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload.
network
low complexity
cisco CWE-400
7.5
2017-03-20 CVE-2014-9849 Resource Exhaustion vulnerability in multiple products
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
7.5
2017-03-20 CVE-2014-9842 Resource Exhaustion vulnerability in multiple products
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
7.5
2017-03-12 CVE-2017-6444 Resource Exhaustion vulnerability in Mikrotik Routeros 6.25
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets.
network
low complexity
mikrotik CWE-400
7.5
2017-03-09 CVE-2017-6552 Resource Exhaustion vulnerability in Sagemcom Livebox Firmware 5.15.8.1
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes.
network
low complexity
sagemcom CWE-400
7.5
2017-03-07 CVE-2016-9643 Resource Exhaustion vulnerability in Webkit 2.4.11
The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).
network
low complexity
webkit CWE-400
7.5
2017-03-03 CVE-2017-5867 Resource Exhaustion vulnerability in Owncloud
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
network
low complexity
owncloud CWE-400
6.5
2017-02-14 CVE-2017-5972 Resource Exhaustion vulnerability in Linux Kernel
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7.
network
low complexity
linux CWE-400
7.5
2017-02-13 CVE-2016-9367 Resource Exhaustion vulnerability in Moxa products
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.
network
low complexity
moxa CWE-400
7.5
2017-02-13 CVE-2016-8374 Resource Exhaustion vulnerability in Schneider-Electric products
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe).
network
low complexity
schneider-electric CWE-400
7.5