VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 16 of 93
  • CVE-2016-9589 · High · Mar 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage,…

  • CVE-2017-12174 · High · Mar 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.06

    It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.

  • CVE-2018-7048 · High · Mar 1, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.

  • CVE-2017-17290 · High · Feb 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the…

  • CVE-2017-3768 · High · Jan 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common…

  • CVE-2018-5748 · High · Jan 25, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

  • CVE-2018-4837 · High · Jan 25, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server…

  • CVE-2018-0094 · High · Jan 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate…

  • CVE-2018-0090 · High · Jan 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for…

  • CVE-2017-13211 · High · Jan 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User…

  • CVE-2017-17901 · High · Dec 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.

  • CVE-2014-3651 · High · Dec 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.

  • CVE-2017-12741 · High · Dec 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

  • CVE-2017-17051 · High · Dec 5, 2017
    risk 0.49 · cvss 8.6 · epss 0.02

    An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations.…

  • CVE-2017-1000191 · High · Nov 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.

  • CVE-2017-14028 · High · Nov 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by…

  • CVE-2017-12318 · High · Nov 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition.…

  • CVE-2017-2889 · High · Nov 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An…

  • CVE-2017-2884 · High · Nov 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network…

  • CVE-2017-15882 · High · Oct 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.