VYPR

CWE-770

Allocation of Resources Without Limits or Throttling

Abstraction: Base
Status: Incomplete
Likelihood of exploit: High

Description

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
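The pattern in that description, shown as an added example that is not from this page, from MITRE's CWE entry, or from any project listed below: a form decoder that grows a list to whatever index the client names (the "size" case) and a session table that counts open sessions per source (the "number" case), each beside a version that checks the limit before allocating. The limits `MAX_INDEX` and `MAX_CONNS_PER_ACTOR`, the class and function names, and the sample inputs are all hypothetical.

```python
# Added example, not code from VYPR, MITRE or any listed project.
# CWE-770 in two forms, each next to a capped version:
#   1. an allocation whose size the caller chooses (decode_sparse_*)
#   2. a per-actor resource count with no ceiling (SessionTable)
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Hypothetical limits; a real service derives them from capacity planning.
MAX_INDEX = 1024            # largest sparse index a client may name
MAX_CONNS_PER_ACTOR = 16    # concurrent sessions per source address

Fields = List[Tuple[str, str]]


class AllocationLimitExceeded(ValueError):
    """Raised when a request would exceed a configured limit."""


def decode_sparse_vulnerable(fields: Fields) -> List[Optional[str]]:
    """Decode ("name.<index>", value) pairs into a list.

    The list is grown to the largest index the client names, so one field
    such as ("items.1000000000", "x") allocates a billion slots before any
    useful work is done: the caller chooses the allocation size (CWE-770).
    """
    out: List[Optional[str]] = []
    for key, value in fields:
        _, _, idx_text = key.partition(".")
        idx = int(idx_text)
        if idx >= len(out):
            out.extend([None] * (idx + 1 - len(out)))
        out[idx] = value
    return out


def decode_sparse_hardened(fields: Fields, max_index: int = MAX_INDEX) -> List[Optional[str]]:
    """Same decoder, but the index is validated before anything is allocated."""
    out: List[Optional[str]] = []
    for key, value in fields:
        _, _, idx_text = key.partition(".")
        # isascii() rejects Unicode digits that isdigit() would accept
        # but int() would not parse.
        if not (idx_text.isascii() and idx_text.isdigit()):
            raise ValueError(f"bad index in {key!r}")
        idx = int(idx_text)
        if idx > max_index:
            raise AllocationLimitExceeded(f"index {idx} exceeds limit {max_index}")
        if idx >= len(out):
            out.extend([None] * (idx + 1 - len(out)))
        out[idx] = value
    return out


def limit_rejected(fields: Fields) -> bool:
    """True if the hardened decoder refuses the request outright."""
    try:
        decode_sparse_hardened(fields)
        return False
    except AllocationLimitExceeded:
        return True


class SessionTable:
    """Counts open sessions per actor (e.g. per source address).

    With limit=None it behaves like an unthrottled server: one client can
    open sessions until memory is exhausted. With a limit, the (N+1)th open
    from the same actor is refused before any per-session state exists.
    """

    def __init__(self, limit: Optional[int] = MAX_CONNS_PER_ACTOR):
        self.limit = limit
        self.open: Dict[str, int] = defaultdict(int)

    def accept(self, actor: str) -> bool:
        if self.limit is not None and self.open[actor] >= self.limit:
            return False  # refuse before allocating anything
        self.open[actor] += 1
        return True

    def close(self, actor: str) -> None:
        if self.open[actor] > 0:
            self.open[actor] -= 1


if __name__ == "__main__":
    # Constructed input: one tiny field naming a huge index.
    hostile: Fields = [("items.100000000", "x")]
    print("hardened rejects hostile index:", limit_rejected(hostile))
    table = SessionTable(limit=2)
    results = [table.accept("203.0.113.7") for _ in range(3)]
    print("third session from one actor refused:", results == [True, True, False])
```

The check that matters in both halves is its placement: the limit is compared against the request before `out.extend` or the session counter runs, never after, so a rejected request costs the server nothing beyond parsing the field.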

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-147 · CAPEC-197 · CAPEC-229 · CAPEC-230 · CAPEC-231 · CAPEC-469 · CAPEC-482 · CAPEC-486 · CAPEC-487 · CAPEC-488 · CAPEC-489 · CAPEC-490 · CAPEC-491 · CAPEC-493 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-528

CVEs mapped to this weakness (964)

page 18 of 49
  • CVE-2024-48080 · High · Dec 3, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    An issue in aedes v0.51.2 allows attackers to cause a Denial of Service (DoS) via a crafted request. NOTE: the Supplier indicates that exploitation cannot occur because of the protection mechanism in the validateTopic function in lib/utils.js.

  • CVE-2024-53981 · High · Dec 2, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any trailing bytes after the last boundary. This happens one byte at a time and emits a log event each time,…

  • CVE-2024-21539 · High · Nov 19, 2024
    risk 0.42 · cvss 7.5 · epss 0.00

    Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.

  • CVE-2024-52918 · Medium · Nov 18, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.

  • CVE-2024-47614 · High · Oct 3, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10.

  • CVE-2024-6509 · Medium · Sep 10, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API alwaysmulti.cgi was vulnerable to file globbing, which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to…

  • CVE-2024-6004 · Medium · Aug 16, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted.

  • CVE-2024-5210 · Medium · Aug 16, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted.

  • CVE-2024-5209 · Medium · Aug 16, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted.

  • CVE-2024-4782 · Medium · Aug 16, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs.

  • CVE-2024-4781 · Medium · Aug 16, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted.

  • CVE-2024-33862 · High · Jul 5, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could…

  • CVE-2024-37298 · High · Jul 1, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice…

  • CVE-2024-34703 · High · Jun 30, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding…

  • CVE-2024-38528 · High · Jun 28, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server…

  • CVE-2024-37681 · Medium · Jun 24, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue in the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html component.

  • CVE-2024-33495 · Medium · May 14, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating…

  • CVE-2024-22189 · High · Apr 4, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame…

  • CVE-2024-22436 · Medium · Mar 26, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service.

  • CVE-2024-24680 · High · Feb 6, 2024
    risk 0.42 · cvss 7.5 · epss 0.02

    An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.