VYPR

CWE-400

Uncontrolled Resource Consumption

ClassDraftLikelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 56 of 93
  • CVE-2023-46104MedDec 19, 2023
    risk 0.35cvss 6.5epss 0.02

    Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.   This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.

  • CVE-2023-35909MedDec 7, 2023
    risk 0.35cvss 5.3epss 0.01

    Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.

  • CVE-2023-48713MedNov 28, 2023
    risk 0.35cvss 6.5epss 0.01

    Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler…

  • CVE-2023-38251MedOct 13, 2023
    risk 0.35cvss 5.3epss 0.01

    Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does…

  • CVE-2023-40584MedSep 7, 2023
    risk 0.35cvss 6.5epss 0.01

    Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file…

  • CVE-2023-34462MedJun 22, 2023
    risk 0.35cvss 6.5epss 0.02

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does…

  • CVE-2022-39374MedMay 26, 2023
    risk 0.35cvss 6.5epss 0.01

    Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the…

  • CVE-2023-31409MedMay 15, 2023
    risk 0.35cvss 5.3epss 0.01

    Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

  • CVE-2023-20863MedApr 13, 2023
    risk 0.35cvss 6.5epss 0.01

    In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

  • CVE-2023-20861MedMar 23, 2023
    risk 0.35cvss 6.5epss 0.01

    In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

  • CVE-2022-3277MedMar 6, 2023
    risk 0.35cvss 6.5epss 0.01

    An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to…

  • CVE-2022-41952MedNov 22, 2022
    risk 0.35cvss 6.5epss 0.01

    Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in…

  • CVE-2022-4111MedNov 22, 2022
    risk 0.35cvss 6.5epss 0.01

    Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

  • CVE-2022-36055MedSep 1, 2022
    risk 0.35cvss 6.5epss 0.01

    Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns…

  • CVE-2021-4040MedAug 24, 2022
    risk 0.35cvss 5.3epss 0.03

    A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted…

  • CVE-2022-31073MedJul 11, 2022
    risk 0.35cvss 6.5epss 0.01

    KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a…

  • CVE-2022-23580MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1,…

  • CVE-2022-21708MedJan 21, 2022
    risk 0.35cvss 6.5epss 0.01

    graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with…

  • CVE-2022-21366MedJan 19, 2022
    risk 0.35cvss 5.3epss 0.03

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability…

  • CVE-2022-21360MedJan 19, 2022
    risk 0.35cvss 5.3epss 0.03

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable…