Vulnerabilities > Uncontrolled Resource Consumption ('Resource Exhaustion')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-08 | CVE-2019-1672 | Resource Exhaustion vulnerability in Cisco web Security Appliance 10.1.0204/10.5.2072/11.5.1Fcs115 A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. | 5.0 |
2019-02-05 | CVE-2019-6535 | Resource Exhaustion vulnerability in Mitsubishielectric products Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. | 7.5 |
2019-02-01 | CVE-2018-16487 | Resource Exhaustion vulnerability in Lodash A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | 6.8 |
2019-01-30 | CVE-2018-17189 | Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. | 5.3 |
2019-01-28 | CVE-2019-6986 | Resource Exhaustion vulnerability in Duraspace Vitro 1.10.0 SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | 7.5 |
2019-01-23 | CVE-2019-1644 | Resource Exhaustion vulnerability in Cisco IOT Field Network Director 4.3(0.20) A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. | 5.0 |
2019-01-16 | CVE-2017-3144 | Resource Exhaustion vulnerability in multiple products A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. | 5.0 |
2019-01-16 | CVE-2017-3140 | Resource Exhaustion vulnerability in multiple products If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. | 4.3 |
2019-01-15 | CVE-2019-0012 | Resource Exhaustion vulnerability in Juniper Junos A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. | 4.3 |
2019-01-12 | CVE-2018-20699 | Resource Exhaustion vulnerability in multiple products Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | 4.0 |