Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2017-03-12 CVE-2017-6444 Resource Exhaustion vulnerability in Mikrotik Routeros 6.25
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets.
network
low complexity
mikrotik CWE-400
7.8
2017-03-09 CVE-2017-6552 Resource Exhaustion vulnerability in Sagemcom Livebox Firmware 5.15.8.1
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes.
network
low complexity
sagemcom CWE-400
7.8
2017-03-07 CVE-2016-9643 Resource Exhaustion vulnerability in Webkit 2.4.11
The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).
network
low complexity
webkit CWE-400
5.0
2017-03-03 CVE-2017-5867 Resource Exhaustion vulnerability in Owncloud
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
network
low complexity
owncloud CWE-400
4.0
2017-02-14 CVE-2017-5972 Resource Exhaustion vulnerability in Linux Kernel
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7.
network
low complexity
linux CWE-400
7.8
2017-02-13 CVE-2016-9367 Resource Exhaustion vulnerability in Moxa products
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.
network
low complexity
moxa CWE-400
7.8
2017-02-13 CVE-2016-8374 Resource Exhaustion vulnerability in Schneider-Electric products
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe).
network
low complexity
schneider-electric CWE-400
7.8
2017-02-13 CVE-2016-8367 Resource Exhaustion vulnerability in Schneider-Electric products
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe).
network
low complexity
schneider-electric CWE-400
5.0
2017-02-09 CVE-2016-6171 Resource Exhaustion vulnerability in Knot-Dns Knot DNS 2.1.1/2.2.0/2.2.1
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.
network
low complexity
knot-dns-project knot-dns CWE-400
5.0
2017-02-03 CVE-2016-4571 Resource Exhaustion vulnerability in multiple products
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
7.1