Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2020-04-07 CVE-2019-17657 Resource Exhaustion vulnerability in Fortinet products
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
network
low complexity
fortinet CWE-400
7.5
2020-04-04 CVE-2020-5347 Resource Exhaustion vulnerability in Dell EMC Isilon Onefs
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability.
network
low complexity
dell CWE-400
7.5
2020-04-03 CVE-2019-18904 Resource Exhaustion vulnerability in Opensuse Rmt-Server 2.5.23.26.1/2.5.23.9.1/2.5.2Lp151.2.9.1
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations.
network
low complexity
opensuse CWE-400
7.5
2020-03-30 CVE-2020-5527 Resource Exhaustion vulnerability in Mitsubishielectric products
When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly.
network
low complexity
mitsubishielectric CWE-400
7.5
2020-03-27 CVE-2020-10954 Resource Exhaustion vulnerability in Gitlab
GitLab through 12.9 is affected by a potential DoS in repository archive download.
network
low complexity
gitlab CWE-400
7.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5
2020-03-20 CVE-2020-8136 Resource Exhaustion vulnerability in Fastify Fastify-Multipart
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.
network
low complexity
fastify CWE-400
7.5
2020-03-15 CVE-2020-0088 Resource Exhaustion vulnerability in Google Android 10.0
In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation.
network
low complexity
google CWE-400
6.5
2020-03-12 CVE-2020-9464 Resource Exhaustion vulnerability in Beckhoff Bk9000 Firmware
A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000.
network
low complexity
beckhoff CWE-400
7.5
2020-03-11 CVE-2019-5149 Resource Exhaustion vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs.
network
low complexity
wago CWE-400
7.5