Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2017-02-13 CVE-2016-8367 Resource Exhaustion vulnerability in Schneider-Electric products
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe).
network
low complexity
schneider-electric CWE-400
5.3
2017-02-09 CVE-2016-6171 Resource Exhaustion vulnerability in Knot-Dns Knot DNS 2.1.1/2.2.0/2.2.1
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.
network
low complexity
knot-dns CWE-400
8.6
2017-02-03 CVE-2016-4571 Resource Exhaustion vulnerability in multiple products
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
local
low complexity
mini-xml-project debian CWE-400
5.5
2017-02-03 CVE-2016-4570 Resource Exhaustion vulnerability in multiple products
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
local
low complexity
mini-xml-project debian CWE-400
5.5
2017-01-31 CVE-2016-9039 Resource Exhaustion vulnerability in Joyent Smartos 20161110T013148Z
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.
local
low complexity
joyent CWE-400
5.5
2017-01-30 CVE-2015-7978 Resource Exhaustion vulnerability in NTP
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
network
low complexity
ntp CWE-400
7.5
2017-01-23 CVE-2016-4055 Resource Exhaustion vulnerability in multiple products
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
network
low complexity
momentjs tenable oracle CWE-400
6.5
2017-01-23 CVE-2017-5544 Resource Exhaustion vulnerability in Fiberhome Fengine S5800 Firmware V210R240
An issue was discovered on FiberHome Fengine S5800 switches V210R240.
network
high complexity
fiberhome CWE-400
5.9
2017-01-13 CVE-2016-9310 Resource Exhaustion vulnerability in NTP 4.2.4/4.2.7/4.2.8
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
network
low complexity
ntp CWE-400
6.5
2017-01-13 CVE-2016-7428 Resource Exhaustion vulnerability in NTP 4.2.8
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
low complexity
ntp CWE-400
4.3