CWE-400— Uncontrolled Resource Consumption (Denial of Service)
3,210 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-400page 7 of 65
- CVE-2018-16472HIGHCVSS 7.5EG 7.52018-11-06
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
- CVE-2018-16486CRITICALCVSS 9.8EG 9.82019-02-01
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.
- CVE-2018-16487MEDIUMCVSS 5.6EG 5.62019-02-01
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
- CVE-2018-16489CRITICALCVSS 9.8EG 9.82019-02-01
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
- CVE-2018-16490HIGHCVSS 7.5EG 7.52019-02-01
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
- CVE-2018-16491CRITICALCVSS 9.8EG 9.82019-02-01
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
- CVE-2018-16492CRITICALCVSS 9.8EG 9.82019-02-01
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
- CVE-2018-16843HIGHCVSS 7.5EG 7.52018-11-07
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'ht…
- CVE-2018-16844HIGHCVSS 7.5EG 7.52018-11-07
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' opti…
- CVE-2018-16845MEDIUMCVSS 6.1EG 6.12018-11-07
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosur…
- CVE-2018-16848MEDIUMCVSS 6.5EG 6.52020-06-15
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating …
- CVE-2018-16853HIGHCVSS 7.5EG 5.92018-11-28
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build …
- CVE-2018-16878MEDIUMCVSS 5.5EG 5.52019-04-18
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
- CVE-2018-16949HIGHCVSS 7.5EG 7.52018-09-12
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated…
- CVE-2018-17145HIGHCVSS 7.5EG 7.52020-09-10
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g…
- CVE-2018-17159HIGHCVSS 7.5EG 7.52018-12-04
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server t…
- CVE-2018-17189MEDIUMCVSS 5.3EG 5.32019-01-30
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP…
- CVE-2018-17281HIGHCVSS 7.5EG 7.52018-09-24
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk …
- CVE-2018-17581MEDIUMCVSS 6.5EG 6.52018-09-28
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
- CVE-2018-1786MEDIUMCVSS 5.3EG 7.52018-11-12
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
- CVE-2018-17898HIGHCVSS 7.5EG 7.52018-10-12
Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to becom…
- CVE-2018-17977MEDIUMCVSS 4.4EG 4.42018-10-08
The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root …
- CVE-2018-17985MEDIUMCVSS 5.5EG 5.52018-10-04
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving…
- CVE-2018-18853HIGHCVSS 7.5EG 7.52018-10-31
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.
- CVE-2018-18854HIGHCVSS 7.5EG 7.52018-10-31
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
- CVE-2018-18898HIGHCVSS 7.5EG 7.52019-03-21
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
- CVE-2018-18960MEDIUMCVSS 5.9EG 5.92018-12-24
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.
- CVE-2018-19037HIGHCVSS 7.5EG 7.52019-05-13
On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interfa…
- CVE-2018-19151HIGHCVSS 7.5EG 7.52019-10-29
qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- CVE-2018-19152HIGHCVSS 7.5EG 7.52019-11-05
emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- CVE-2018-19153HIGHCVSS 7.5EG 7.52019-11-05
particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- CVE-2018-19154HIGHCVSS 7.5EG 7.52019-11-05
HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- CVE-2018-19155HIGHCVSS 7.5EG 7.52019-11-05
navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
- CVE-2018-19156HIGHCVSS 7.5EG 7.52019-11-05
PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which…
- CVE-2018-19157HIGHCVSS 7.5EG 7.52019-11-05
Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, whi…
- CVE-2018-19158HIGHCVSS 7.5EG 7.52019-03-21
ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/bloc…
- CVE-2018-19159HIGHCVSS 7.5EG 7.52019-11-05
lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which a…
- CVE-2018-19160HIGHCVSS 7.5EG 7.52019-11-05
Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, w…
- CVE-2018-19161HIGHCVSS 7.5EG 7.52019-11-05
alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which ar…
- CVE-2018-19162HIGHCVSS 7.5EG 7.52019-11-05
Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which …
- CVE-2018-19163HIGHCVSS 7.5EG 7.52019-11-05
stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, …
- CVE-2018-19164HIGHCVSS 7.5EG 7.52019-11-05
reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, …
- CVE-2018-19165HIGHCVSS 7.5EG 7.52019-11-05
neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, whic…
- CVE-2018-19166HIGHCVSS 7.5EG 7.52019-11-05
peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, wh…
- CVE-2018-19167HIGHCVSS 7.5EG 7.52019-11-05
CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,…
- CVE-2018-19282CRITICALCVSS 9.8EG 9.82019-04-04
Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a w…
- CVE-2018-19837MEDIUMCVSS 6.5EG 6.52018-12-04
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%'…
- CVE-2018-19838MEDIUMCVSS 6.5EG 6.52018-12-04
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving c…
- CVE-2018-19871MEDIUMCVSS 6.5EG 6.52018-12-26
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
- CVE-2018-19881MEDIUMCVSS 5.5EG 5.52018-12-06
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
Map vulnerabilities like CWE-400 to your infrastructure
EchelonGraph correlates every CVE — across CWE-400 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →