Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-25 | CVE-2014-3672 | Resource Exhaustion vulnerability in multiple products The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | 6.5 |
| 2016-05-23 | CVE-2016-4037 | Resource Exhaustion vulnerability in multiple products The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. | 6.0 |
| 2016-03-24 | CVE-2016-1784 | Resource Exhaustion vulnerability in Apple Iphone OS The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. | 6.5 |
| 2016-02-15 | CVE-2016-0747 | Resource Exhaustion vulnerability in multiple products The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. | 5.3 |
| 2016-01-12 | CVE-2015-1779 | Resource Exhaustion vulnerability in multiple products The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | 8.6 |
| 2014-12-05 | CVE-2014-7255 | Resource Exhaustion vulnerability in IIJ products Internet Initiative Japan Inc. | 7.5 |
| 2014-11-10 | CVE-2014-8559 | Resource Exhaustion vulnerability in multiple products The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. | 5.5 |
| 2014-11-10 | CVE-2014-3690 | Resource Exhaustion vulnerability in multiple products arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. | 5.5 |
| 2014-11-10 | CVE-2014-3687 | Resource Exhaustion vulnerability in multiple products The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | 7.5 |
| 2014-10-13 | CVE-2014-7970 | Resource Exhaustion vulnerability in multiple products The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . | 5.5 |