VYPR

CWE-400

Uncontrolled Resource Consumption

ClassDraftLikelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 51 of 93
  • CVE-2026-40951MedApr 30, 2026
    risk 0.36cvss 5.5epss 0.00

    CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.

  • CVE-2026-6844MedApr 22, 2026
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead…

  • CVE-2026-20602MedFeb 11, 2026
    risk 0.36cvss 5.5epss 0.00

    The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to cause a denial-of-service.

  • CVE-2025-70347MedFeb 10, 2026
    risk 0.36cvss 5.5epss 0.00

    An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c.

  • CVE-2024-54192MedFeb 10, 2026
    risk 0.36cvss 5.5epss 0.00

    An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.

  • CVE-2025-66019MedNov 26, 2025
    risk 0.36cvss epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This…

  • CVE-2025-27249MedNov 11, 2025
    risk 0.36cvss 5.5epss 0.00

    Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result…

  • CVE-2025-61155MedOct 28, 2025
    risk 0.36cvss 5.5epss 0.00

    The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in…

  • CVE-2025-33177MedOct 14, 2025
    risk 0.36cvss 5.5epss 0.00

    NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service.

  • CVE-2025-43295MedSep 15, 2025
    risk 0.36cvss 5.5epss 0.00

    A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.

  • CVE-2025-41227MedMay 20, 2025
    risk 0.36cvss 5.5epss 0.00

    VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading…

  • CVE-2025-20616MedMay 13, 2025
    risk 0.36cvss 5.5epss 0.00

    Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2025-31251MedMay 12, 2025
    risk 0.36cvss 5.5epss 0.00

    The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted media file may lead to…

  • CVE-2025-31245MedMay 12, 2025
    risk 0.36cvss 5.5epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.

  • CVE-2025-31226MedMay 12, 2025
    risk 0.36cvss 5.5epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service.

  • CVE-2025-23246MedMay 1, 2025
    risk 0.36cvss 5.5epss 0.00

    NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2025-27087MedApr 22, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.

  • CVE-2025-24235MedMar 31, 2025
    risk 0.36cvss 5.5epss 0.00

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.

  • CVE-2025-24199MedMar 31, 2025
    risk 0.36cvss 5.5epss 0.00

    An uncontrolled format string issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause a denial-of-service.

  • CVE-2024-44192MedMar 10, 2025
    risk 0.36cvss 5.5epss 0.00

    The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.