VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 13 of 93
  • CVE-2023-23447 · High · May 15, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST…

  • CVE-2022-29145 · High · May 10, 2022
    risk 0.49 · cvss 7.5 · epss 0.05

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2022-29117 · High · May 10, 2022
    risk 0.49 · cvss 7.5 · epss 0.05

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2022-24464 · High · Mar 9, 2022
    risk 0.49 · cvss 7.5 · epss 0.03

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2022-23913 · High · Feb 4, 2022
    risk 0.49 · cvss 7.5 · epss 0.03

    In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.

  • CVE-2021-27385 · High · May 12, 2021
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels…

  • CVE-2020-15783 · High · Nov 12, 2020
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a…

  • CVE-2019-18336 · High · Mar 10, 2020
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK…

  • CVE-2020-6986 · High · Mar 5, 2020
    risk 0.49 · cvss 7.5 · epss 0.02

    In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result.

  • CVE-2018-7821 · High · May 22, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.

  • CVE-2019-10953 · High · Apr 17, 2019
    risk 0.49 · cvss 7.5 · epss 0.04

    ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

  • CVE-2018-15383 · High · Oct 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary…

  • CVE-2018-14648 · High · Sep 28, 2018
    risk 0.49 · cvss 7.5 · epss 0.06

    A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.

  • CVE-2018-8854 · High · Sep 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.

  • CVE-2018-14827 · High · Sep 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to…

  • CVE-2017-1794 · High · Sep 19, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.

  • CVE-2018-14638 · High · Sep 14, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.

  • CVE-2018-16949 · High · Sep 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send,…

  • CVE-2018-6923 · High · Sep 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, the IP fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send arbitrary IP fragments to cause the…

  • CVE-2018-16131 · High · Aug 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb.