Show CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CXSecurity.com

	Topic	Date	Author
Med.	ZyXEL P-660HW UDP fragmentation Denial of Service	12.01.2018	Hosein Askari
Med.	ZyXEL TTL Expiry Denial of Service	25.12.2017	Hosein Askari
Low	Android Private Internet Access Denial Of Service	30.10.2017	nightwatchcybersecurit...
Low	libgedit.a mishandling NUL Blocks in gedit(GNOME text editor)	02.09.2017	Hosein Askari
Low	Trihedral VTScada DoS / XSS / Information Disclosure	01.07.2017	Karn Ganeshen
Med.	MikroTik UDP Flood Denial of Service	10.05.2017	Hosein Askari
Med.	BackBox OS Denial Of Service(CPU Consumption)	01.04.2017	Hosein Askari(FarazPaj...
Med.	MikroTik RouterBoard V-6.38.5 Denial Of Service \| CPU Consumption	28.03.2017	Hosein Askari (FarazPa...
Med.	Android Qualcomm GPS/GNSS Man-In-The-Middle	12.10.2016	Yakov Shafranovich
Low	Open-Xchange App Suite 7.8.1 Information Disclosure	23.06.2016	Martin Heiland
Med.	SAP Afaria 7 XcListener DoS in the module XeClient.Dll	19.06.2015	Vahagn Vardanyan
Med.	XMPP-Layer Compression Uncontrolled Resource Consumption	06.04.2014	Giancarlo Pellegrino
Low	Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit	06.05.2012	condis

CVEMAP Search Results

CVE

Details

Description

2019-04-10

Medium	CVE-2019-0033	Vendor: Juniper Software: Junos	A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.
Medium	CVE-2019-0199	Vendor: Apache Software: Tomcat	The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

2019-04-04

High

CVE-2018-19282

Vendor: Rockwellautomation
Software: Powerflex 52...

Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control.

2019-04-03

Low

CVE-2018-4409

Vendor: Apple
Software: Icloud

A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

2019-04-02

Medium

CVE-2019-4080

Vendor: IBM
Software: Websphere ap...

IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.

2019-04-01

Low	CVE-2018-3979	Vendor: Canonical Software: Ubuntu linux	A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).
Medium	CVE-2018-13296	Vendor: Synology Software: Mailplus server	Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
Low	CVE-2019-1002100	Vendor: Kubernetes Software: Kubernetes	In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.

2019-03-28

Medium

CVE-2019-5739

Vendor: Nodejs
Software: Node.js

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

2019-03-27

High

CVE-2019-1737

Vendor: Cisco
Software: IOS

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device.

Copyright 2019, cxsecurity.com