VYPR

CWE-410

Insufficient Resource Pool

ClassIncomplete

Description

The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.

Frequently the consequence is a "flood" of connection or sessions.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (7)

  • CVE-2025-41653HigMay 27, 2025
    risk 0.49cvss 7.5epss 0.00

    An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive.

  • CVE-2025-20103MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2025-12986MedDec 4, 2025
    risk 0.39cvss epss 0.00

    When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset.

  • CVE-2026-34019MedMay 13, 2026
    risk 0.34cvss 5.3epss 0.00

    When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over.  Note: Software…

  • CVE-2023-7033MedFeb 27, 2024
    risk 0.34cvss 5.3epss 0.01

    Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module,…

  • CVE-2025-0453Mar 20, 2025
    risk 0.00cvss epss 0.01

    In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the…

  • CVE-2022-2048Jul 7, 2022
    risk 0.00cvss epss 0.02

    In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no…