Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2016-4055 Resource Exhaustion vulnerability in multiple products
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
network
low complexity
momentjs tenable oracle CWE-400
6.5
2017-01-23 CVE-2017-5544 Resource Exhaustion vulnerability in Fiberhome Fengine S5800 Firmware V210R240
An issue was discovered on FiberHome Fengine S5800 switches V210R240.
network
high complexity
fiberhome CWE-400
5.9
2017-01-13 CVE-2016-9310 Resource Exhaustion vulnerability in NTP 4.2.4/4.2.7/4.2.8
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
network
low complexity
ntp CWE-400
6.5
2017-01-13 CVE-2016-7428 Resource Exhaustion vulnerability in NTP 4.2.8
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
low complexity
ntp CWE-400
4.3
2017-01-13 CVE-2016-7427 Resource Exhaustion vulnerability in NTP 4.2.8
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
low complexity
ntp CWE-400
4.3
2017-01-13 CVE-2016-7426 Resource Exhaustion vulnerability in multiple products
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
network
low complexity
ntp canonical redhat hpe CWE-400
7.5
2017-01-12 CVE-2017-5351 Resource Exhaustion vulnerability in Samsung Mobile
Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads.
network
low complexity
samsung CWE-400
7.5
2017-01-10 CVE-2016-6831 Resource Exhaustion vulnerability in Call-Cc Chicken
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak.
network
low complexity
call-cc CWE-400
7.5
2016-12-28 CVE-2016-9685 Resource Exhaustion vulnerability in Linux Kernel
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
local
low complexity
linux CWE-400
5.5
2016-12-28 CVE-2016-6213 Resource Exhaustion vulnerability in Linux Kernel
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
local
high complexity
linux CWE-400
4.7