VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 61 of 93
  • CVE-2026-22004 · Med · Apr 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to…

  • CVE-2026-22002 · Med · Apr 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple…

  • CVE-2026-21998 · Med · Apr 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple…

  • CVE-2026-3116 · Med · Mar 26, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589

  • CVE-2022-31075 · Med · Jul 11, 2022
    risk 0.32 · cvss 4.9 · epss 0.01

    KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP…

  • CVE-2021-41186 · Med · Oct 29, 2021
    risk 0.32 · cvss 5.9 · epss 0.02

    Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain…

  • CVE-2021-23353 · Med · Mar 9, 2021
    risk 0.32 · cvss 5.9 · epss 0.03

    This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.

  • CVE-2020-28479 · Med · Jan 19, 2021
    risk 0.32 · cvss 5.9 · epss 0.02

    The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function.

  • CVE-2017-16025 · Med · Jun 4, 2018
    risk 0.32 · cvss 5.9 · epss 0.02

    Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to `cookie`. Submitting an invalid…

  • CVE-2017-12077 · Med · Aug 28, 2017
    risk 0.32 · cvss 4.9 · epss 0.01

    Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

  • CVE-2017-12076 · Med · Aug 28, 2017
    risk 0.32 · cvss 4.9 · epss 0.01

    Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

  • CVE-2011-2918 · Med · May 24, 2012
    risk 0.32 · cvss 5.5 · epss 0.01

    The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.

  • CVE-2026-45680 · Med · Jun 2, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very…

  • CVE-2026-4410 · Med · May 27, 2026
    risk 0.31 · cvss 4.8 · epss 0.01

    IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit…

  • CVE-2026-48593 · Med · May 26, 2026
    risk 0.31 · cvss · epss 0.00

    Uncontrolled Resource Consumption vulnerability in oban-bg oban_web ('Elixir.Oban.Web.CronExpr' modules) allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 *…

  • CVE-2025-70071 · Med · May 4, 2026
    risk 0.31 · cvss 5.9 · epss 0.01

    An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()

  • CVE-2026-41078 · Med · Apr 23, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent…

  • CVE-2026-33610 · Med · Apr 22, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.

  • CVE-2026-39865 · Med · Apr 8, 2026
    risk 0.31 · cvss 5.9 · epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures.…

  • CVE-2026-34043 · Med · Mar 31, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from…