VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 17 of 93
  • CVE-2017-7086 · High · Oct 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource…

  • CVE-2014-9697 · High · Oct 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website.

  • CVE-2017-10608 · High · Oct 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service…

  • CVE-2017-15193 · High · Oct 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.

  • CVE-2015-7384 · High · Oct 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.08

    Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.

  • CVE-2017-14616 · High · Sep 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing…

  • CVE-2013-7428 · High · Sep 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.

  • CVE-2017-14158 · High · Sep 5, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource,…

  • CVE-2017-14137 · High · Sep 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.

  • CVE-2015-1417 · High · Jul 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote…

  • CVE-2017-11521 · High · Jul 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.

  • CVE-2017-7063 · High · Jul 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).

  • CVE-2017-7007 · High · Jul 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).

  • CVE-2017-7684 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.

  • CVE-2017-2348 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other…

  • CVE-2017-1000064 · High · Jul 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router, resulting in DoS.

  • CVE-2017-9845 · High · Jul 12, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.

  • CVE-2017-11142 · High · Jul 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.08

    In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.

  • CVE-2017-10922 · High · Jul 5, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.

  • CVE-2017-6017 · High · Jun 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A…