Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-20 | CVE-2019-15584 | Resource Exhaustion vulnerability in Gitlab A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. | 6.5 |
| 2019-12-17 | CVE-2019-16555 | Resource Exhaustion vulnerability in Jenkins Build Failure Analyzer A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. | 6.5 |
| 2019-12-13 | CVE-2014-0212 | Resource Exhaustion vulnerability in Apache Qpid-Cpp qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors | 7.5 |
| 2019-12-12 | CVE-2019-12420 | Resource Exhaustion vulnerability in multiple products In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. | 7.5 |
| 2019-12-11 | CVE-2013-3691 | Resource Exhaustion vulnerability in Ovislink Airlive Poe2600Hd Firmware AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. | 7.5 |
| 2019-12-10 | CVE-2013-4120 | Resource Exhaustion vulnerability in Theforeman Katello Katello has a Denial of Service vulnerability in API OAuth authentication | 7.5 |
| 2019-12-06 | CVE-2019-16671 | Resource Exhaustion vulnerability in Weidmueller products An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. | 6.5 |
| 2019-11-27 | CVE-2019-6667 | Resource Exhaustion vulnerability in F5 products On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied. | 7.5 |
| 2019-11-27 | CVE-2019-14867 | Resource Exhaustion vulnerability in multiple products A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. | 8.8 |
| 2019-11-26 | CVE-2019-6477 | Resource Exhaustion vulnerability in multiple products With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. | 7.5 |