Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-19838 Resource Exhaustion vulnerability in Sass-Lang Libsass
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
network
low complexity
sass-lang CWE-400
6.5
2018-12-04 CVE-2018-19837 Resource Exhaustion vulnerability in Sass-Lang Libsass
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
network
low complexity
sass-lang CWE-400
6.5
2018-11-28 CVE-2018-12122 Resource Exhaustion vulnerability in multiple products
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
network
low complexity
nodejs suse CWE-400
7.5
2018-11-28 CVE-2018-12121 Resource Exhaustion vulnerability in multiple products
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure.
network
low complexity
nodejs redhat CWE-400
7.5
2018-11-28 CVE-2018-16853 Resource Exhaustion vulnerability in Samba
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration.
network
high complexity
samba CWE-400
5.9
2018-11-15 CVE-2018-0700 Resource Exhaustion vulnerability in Hyuki Yukiwiki
YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition.
network
low complexity
hyuki CWE-400
7.5
2018-11-13 CVE-2018-16470 Resource Exhaustion vulnerability in Rack Project Rack 2.0.4/2.0.5
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6.
network
low complexity
rack-project CWE-400
7.5
2018-11-13 CVE-2018-15772 Resource Exhaustion vulnerability in Dell products
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability.
local
low complexity
dell CWE-400
7.1
2018-11-12 CVE-2018-1786 Resource Exhaustion vulnerability in IBM products
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state.
network
low complexity
ibm CWE-400
7.5
2018-11-08 CVE-2018-15443 Resource Exhaustion vulnerability in Cisco Firepower System Software
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic.
network
low complexity
cisco CWE-400
7.5