CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 20 of 93
  • CVE-2026-34045 · High · Apr 7, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing…

  • CVE-2024-5422 · High · Jun 4, 2024
    risk 0.46 · cvss n/a · epss 0.01

    An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP. This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

  • CVE-2022-32505 · High · May 14, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    An issue was discovered on certain Nuki Home Solutions devices. It is possible to send multiple BLE malformed packets to block some of the functionality and reboot the device. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.

  • CVE-2016-10524 · High · May 31, 2018
    risk 0.46 · cvss 8.2 · epss 0.01

    i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments; a malicious user could fill up the server…

  • CVE-2014-2885 · High · Mar 19, 2018
    risk 0.46 · cvss 7.1 · epss 0.00

    Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors…

  • CVE-2017-1000373 · Medium · Jun 19, 2017
    risk 0.46 · cvss 6.5 · epss 0.13

    The OpenBSD qsort() function is recursive and not randomized; an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack…

  • CVE-2026-48069 · High · Jun 11, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Impact: An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js. Patches: The following versions have fixes for this vulnerability: 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5 …

  • CVE-2026-45357 · High · May 27, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Summary: The `date` filter's strftime implementation parses width specifiers like `%9999999d` and forwards the captured width unchecked into `pad()`/`padStart()` in `src/util/underscore.ts`. The pad loop performs unbounded string concatenation without consulting the Context's…

  • CVE-2025-50057 · Medium · Jul 18, 2025
    risk 0.45 · cvss n/a · epss 0.00

    A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.

  • CVE-2024-7567 · Medium · Aug 13, 2024
    risk 0.45 · cvss n/a · epss 0.01

    A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080-L50E/2080-L70E). If exploited, the CIP/Modbus communication may be disrupted for a short duration.

  • CVE-2023-46136 · High · Oct 25, 2023
    risk 0.45 · cvss 8.0 · epss 0.01

    Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes…

  • CVE-2014-4179 · High · Sep 1, 2020
    risk 0.45 · cvss n/a · epss 0.03

    Versions of `yar` prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value. When an invalid encrypted session cookie value is provided, the process will crash. Recommendation: Update to version 2.2.0 or later.

  • CVE-2014-8882 · High · Aug 31, 2020
    risk 0.45 · cvss n/a · epss 0.03

    Versions of `validator` prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the `isURL` method. Recommendation: Update to version 3.22.1 or later.

  • CVE-2016-6172 · Medium · Sep 26, 2016
    risk 0.45 · cvss 6.8 · epss 0.04

    PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

  • CVE-2026-0599 · High · Feb 2, 2026
    risk 0.44 · cvss 7.5 · epss 0.24

    A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a…

  • CVE-2025-41226 · Medium · May 20, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service…

  • CVE-2025-27081 · Medium · Apr 10, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service.

  • CVE-2024-57782 · Medium · Feb 13, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service.

  • CVE-2023-35191 · Medium · Mar 14, 2024
    risk 0.44 · cvss 6.8 · epss 0.01

    Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access.

  • CVE-2018-15399 · Medium · Oct 5, 2018
    risk 0.44 · cvss 6.8 · epss 0.02

    A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service…