VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 12 of 93
  • CVE-2024-21523 · High · Jul 10, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values…

  • CVE-2024-21521 · High · Jul 10, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash.

  • CVE-2023-51847 · High · Jun 6, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via the coap_context_t function in the src/coap_threadsafe.c:297:3 component.

  • CVE-2023-30311 · High · May 28, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2024-34953 · High · May 20, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file.

  • CVE-2024-5055 · High · May 17, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.

  • CVE-2024-5052 · High · May 17, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests.

  • CVE-2024-21823 · High · May 16, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege via local access.

  • CVE-2022-32508 · High · May 14, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.

  • CVE-2024-4438 · High · May 8, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one…

  • CVE-2024-4437 · High · May 8, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux…

  • CVE-2024-4436 · High · May 8, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux…

  • CVE-2024-4599 · High · May 7, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.

  • CVE-2023-50685 · High · May 2, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter.

  • CVE-2024-25355 · High · May 1, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component.

  • CVE-2024-34045 · High · Apr 30, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment().

  • CVE-2024-32269 · High · Apr 29, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet.

  • CVE-2023-6596 · High · Apr 25, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for OpenShift Containers.

  • CVE-2024-26369 · High · Mar 19, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.

  • CVE-2024-23744 · High · Jan 21, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.