VYPR

CWE-400

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft · Likelihood of exploit: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 87 of 93
  • CVE-2020-8552 (Mar 27, 2020)
    risk 0.00 · cvss · epss 0.02

    The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

  • CVE-2020-1950 (Mar 23, 2020)
    risk 0.00 · cvss · epss 0.03

    A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

  • CVE-2020-8136 (Mar 20, 2020)
    risk 0.00 · cvss · epss 0.01

    Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.

  • CVE-2020-7212 (Mar 6, 2020)
    risk 0.00 · cvss · epss 0.03

    The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not…

  • CVE-2019-10798 (Feb 24, 2020)
    risk 0.00 · cvss · epss 0.01

    rdf-graph-array through 0.3.0-rc6 allows manipulation of JavaScript objects resulting in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.

  • CVE-2015-4411 (Feb 20, 2020)
    risk 0.00 · cvss · epss 0.06

    The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

  • CVE-2020-8123 (Feb 4, 2020)
    risk 0.00 · cvss · epss 0.01

    A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console by a user with admin rights and can lead to arbitrary restart of the application.

  • CVE-2020-5236 (Feb 4, 2020)
    risk 0.00 · cvss · epss 0.03

    Waitress version 1.4.2 allows a DoS attack when Waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack, causing the process to use…

  • CVE-2020-7219 (Jan 31, 2020)
    risk 0.00 · cvss · epss 0.02

    HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

  • CVE-2020-7218 (Jan 31, 2020)
    risk 0.00 · cvss · epss 0.01

    HashiCorp Nomad and Nomad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.

  • CVE-2019-14888 (Jan 23, 2020)
    risk 0.00 · cvss · epss 0.02

    A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) to make the service unavailable on SSL.

  • CVE-2020-0602 (Jan 14, 2020)
    risk 0.00 · cvss · epss 0.08

    A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

  • CVE-2020-6173 (Jan 14, 2020)
    risk 0.00 · cvss · epss 0.01

    TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.

  • CVE-2014-5012 (Jan 10, 2020)
    risk 0.00 · cvss · epss 0.01

    DOMPDF before 0.6.2 allows denial of service.

  • CVE-2014-3211 (Jan 9, 2020)
    risk 0.00 · cvss · epss 0.01

    Publify before 8.0.1 is vulnerable to a Denial of Service attack.

  • CVE-2019-10775 (Jan 2, 2020)
    risk 0.00 · cvss · epss 0.01

    ecstatic has a denial of service vulnerability. Successful exploitation could lead to a crash of the application.

  • CVE-2019-16555 (Dec 17, 2019)
    risk 0.00 · cvss · epss 0.01

    A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.

  • CVE-2019-14867 (Nov 27, 2019)
    risk 0.00 · cvss · epss 0.06

    A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed Kerberos key data. An unauthenticated attacker…

  • CVE-2019-16764 (Nov 25, 2019)
    risk 0.00 · cvss · epss 0.01

    The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to_atom/1` is used to convert the binary value to an atom so it can be used to…

  • CVE-2019-11287 (Nov 22, 2019)
    risk 0.00 · cvss · epss 0.05

    Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason"…