VYPR

CWE-770

Allocation of Resources Without Limits or Throttling

Base · Incomplete · Likelihood: High

Description

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Related attack patterns (CAPEC)

CAPEC-125 · CAPEC-130 · CAPEC-147 · CAPEC-197 · CAPEC-229 · CAPEC-230 · CAPEC-231 · CAPEC-469 · CAPEC-482 · CAPEC-486 · CAPEC-487 · CAPEC-488 · CAPEC-489 · CAPEC-490 · CAPEC-491 · CAPEC-493 · CAPEC-494 · CAPEC-495 · CAPEC-496 · CAPEC-528

CVEs mapped to this weakness (964)

page 6 of 49
  • CVE-2020-37039 · High · Jan 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to…

  • CVE-2020-37038 · High · Jan 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.

  • CVE-2020-36943 · High · Jan 28, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application…

  • CVE-2025-55102 · High · Jan 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source addresses can lead to denial of service. An attacker can send a malicious packet…

  • CVE-2021-47894 · High · Jan 23, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to…

  • CVE-2021-47893 · High · Jan 23, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to…

  • CVE-2021-47877 · High · Jan 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application…

  • CVE-2021-47876 · High · Jan 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:'…

  • CVE-2021-47865 · High · Jan 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user…

  • CVE-2021-47784 · High · Jan 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,000 byte payload and paste it into the search bar to trigger an application…

  • CVE-2025-37166 · High · Jan 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this…

  • CVE-2020-36907 · High · Jan 6, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service…

  • CVE-2022-50799 · High · Dec 30, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and…

  • CVE-2025-11419 · High · Dec 23, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unavailable.

  • CVE-2025-13165 · High · Nov 17, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    EasyFlow GP, developed by Digiwin, has a denial-of-service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service.

  • CVE-2025-54470 · High · Oct 30, 2025
    risk 0.49 · cvss 8.6 · epss 0.00

    This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate…

  • CVE-2025-2813 · High · Jul 31, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.

  • CVE-2025-2403 · High · Jun 24, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series devices that, if exploited, could potentially cause critical functions like LDCM (Line Distance Communication Module) to…

  • CVE-2018-25112 · High · Jun 4, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.

  • CVE-2025-32049 · High · Apr 3, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).