Show CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CXSecurity.com

	Topic	Date	Author
Med.	ZyXEL P-660HW UDP fragmentation Denial of Service	12.01.2018	Hosein Askari
Med.	ZyXEL TTL Expiry Denial of Service	25.12.2017	Hosein Askari
Low	Android Private Internet Access Denial Of Service	30.10.2017	nightwatchcybersecurit...
Low	libgedit.a mishandling NUL Blocks in gedit(GNOME text editor)	02.09.2017	Hosein Askari
Low	Trihedral VTScada DoS / XSS / Information Disclosure	01.07.2017	Karn Ganeshen
Med.	MikroTik UDP Flood Denial of Service	10.05.2017	Hosein Askari
Med.	BackBox OS Denial Of Service(CPU Consumption)	01.04.2017	Hosein Askari(FarazPaj...
Med.	MikroTik RouterBoard V-6.38.5 Denial Of Service \| CPU Consumption	28.03.2017	Hosein Askari (FarazPa...
Med.	Android Qualcomm GPS/GNSS Man-In-The-Middle	12.10.2016	Yakov Shafranovich
Low	Open-Xchange App Suite 7.8.1 Information Disclosure	23.06.2016	Martin Heiland
Med.	SAP Afaria 7 XcListener DoS in the module XeClient.Dll	19.06.2015	Vahagn Vardanyan
Med.	XMPP-Layer Compression Uncontrolled Resource Consumption	06.04.2014	Giancarlo Pellegrino
Low	Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit	06.05.2012	condis

CVEMAP Search Results

CVE

Details

Description

2020-06-26

Medium	CVE-2020-11996	Vendor: Apache Software: Tomcat	A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
Medium	CVE-2020-14955	Vendor: Jiangmin Software: Jiangmin ant...	In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440.

2020-06-25

Low

CVE-2020-9611

Updating...

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.

2020-06-19

Medium	CVE-2019-20880	Vendor: Mattermost Software: Mattermost s...	An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
High	CVE-2020-13273	Vendor: Gitlab Software: Gitlab	A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
Medium	CVE-2015-9548	Vendor: Mattermost Software: Mattermost s...	An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
Medium	CVE-2019-20858	Vendor: Mattermost Software: Mattermost s...	An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
Medium	CVE-2019-20845	Vendor: Mattermost Software: Mattermost s...	An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.

2020-06-18

Medium	CVE-2017-9104	Vendor: GNU Software: ADNS	An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.
Medium	CVE-2020-14422	Vendor: Python Software: Python	Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.

Copyright 2020, cxsecurity.com