VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 57 of 93
  • CVE-2022-21340 · Med · Jan 19, 2022
    risk 0.35 · cvss 5.3 · epss 0.08

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily…

  • CVE-2022-21299 · Med · Jan 19, 2022
    risk 0.35 · cvss 5.3 · epss 0.03

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable…

  • CVE-2022-21293 · Med · Jan 19, 2022
    risk 0.35 · cvss 5.3 · epss 0.08

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily…

  • CVE-2022-21277 · Med · Jan 19, 2022
    risk 0.35 · cvss 5.3 · epss 0.03

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability…

  • CVE-2021-3801 · Med · Sep 15, 2021
    risk 0.35 · cvss 6.5 · epss 0.01

    prism is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-29506 · Med · May 13, 2021
    risk 0.35 · cvss 6.5 · epss 0.01

    GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix:…

  • CVE-2021-20291 · Med · Apr 1, 2021
    risk 0.35 · cvss 6.5 · epss 0.02

    A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation…

  • CVE-2021-25292 · Med · Mar 19, 2021
    risk 0.35 · cvss 6.5 · epss 0.02

    An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

  • CVE-2021-20185 · Med · Jan 28, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.

  • CVE-2021-21271 · Med · Jan 26, 2021
    risk 0.35 · cvss 6.5 · epss 0.02

    Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of…

  • CVE-2020-26264 · Med · Dec 11, 2020
    risk 0.35 · cvss 6.5 · epss 0.02

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns…

  • CVE-2020-26257 · Med · Dec 9, 2020
    risk 0.35 · cvss 6.5 · epss 0.02

    Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a…

  • CVE-2020-7779 · Med · Nov 26, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.

  • CVE-2020-26242 · Med · Nov 25, 2020
    risk 0.35 · cvss 6.5 · epss 0.01

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.

  • CVE-2020-7767 · Med · Nov 11, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.

  • CVE-2020-25689 · Med · Nov 2, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out…

  • CVE-2020-8192 · Med · Jul 30, 2020
    risk 0.35 · cvss 6.5 · epss 0.01

    A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.

  • CVE-2020-14297 · Med · Jul 24, 2020
    risk 0.35 · cvss 6.5 · epss 0.01

    A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and can cause services to slow down and eventually become unavailable. An attacker can take advantage and cause denial of…

  • CVE-2020-8185 · Med · Jul 2, 2020
    risk 0.35 · cvss 6.5 · epss 0.02

    A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

  • CVE-2018-16848 · Med · Jun 15, 2020
    risk 0.35 · cvss 6.5 · epss 0.01

    A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.