Search
Total
150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5162 | 1 Openstack | 3 Cinder, Glance, Nova | 2018-01-05 | 7.8 HIGH | 7.5 HIGH |
| The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. | |||||
| CVE-2016-0798 | 1 Openssl | 1 Openssl | 2017-11-21 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. | |||||
| CVE-2016-6392 | 1 Cisco | 2 Ios, Ios Xe | 2017-11-08 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message, aka Bug ID CSCud36767. | |||||
| CVE-2016-10252 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. | |||||
| CVE-2016-10146 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 7.8 HIGH | 7.5 HIGH |
| Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2016-6160 | 1 Appneta | 1 Tcpreplay | 2017-09-26 | 5.0 MEDIUM | 7.5 HIGH |
| tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. | |||||
| CVE-2014-6438 | 1 Ruby-lang | 1 Ruby | 2017-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. | |||||
| CVE-2016-9332 | 1 Moxa | 1 Softcms | 2017-09-03 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. | |||||
| CVE-2015-6289 | 1 Cisco | 4 Integrated Services Router 800, Integrated Services Router 819, Integrated Services Router 829 and 1 more | 2017-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | |||||
| CVE-2016-1426 | 1 Cisco | 2 Ios Xr, Network Convergence System 6000 | 2017-09-01 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819. | |||||
| CVE-2011-3280 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-28 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCtj04672. | |||||
| CVE-2011-4650 | 1 Cisco | 1 Data Center Network Manager | 2017-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then the CPU utilization increases. Known Affected Releases: 5.2(1). Known Fixed Releases: 6.0(0)SL1(0.14) 5.2(2.73)S0. Product identification: CSCtt15295. | |||||
| CVE-2012-0880 | 1 Apache | 1 Xerces-c\+\+ | 2017-08-18 | 7.8 HIGH | 7.5 HIGH |
| Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. | |||||
| CVE-2016-1466 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. | |||||
| CVE-2016-5426 | 1 Powerdns | 1 Authoritative | 2017-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. | |||||
| CVE-2016-1469 | 1 Cisco | 4 Spa300 Series Ip Phone, Spa300 Series Ip Phone Firmware, Spa500 Series Ip Phone and 1 more | 2017-08-13 | 7.8 HIGH | 7.5 HIGH |
| The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. | |||||
| CVE-2016-5427 | 1 Powerdns | 1 Authoritative | 2017-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. | |||||
| CVE-2016-6378 | 1 Cisco | 1 Ios Xe | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853. | |||||
| CVE-2015-6393 | 1 Cisco | 30 Nexus 5010, Nexus 5020, Nexus 5548p and 27 more | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182. | |||||
| CVE-2015-6392 | 1 Cisco | 40 Nexus 5010, Nexus 5020, Nexus 5548p and 37 more | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171. | |||||
| CVE-2016-6409 | 1 Cisco | 1 Ios | 2017-07-30 | 4.3 MEDIUM | 7.5 HIGH |
| The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015. | |||||
| CVE-2016-6407 | 1 Cisco | 1 Web Security Appliance | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219. | |||||
| CVE-2016-6391 | 1 Cisco | 1 Ios | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036. | |||||
| CVE-2016-6385 | 1 Cisco | 2 Ios, Ios Xe | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367. | |||||
| CVE-2016-6382 | 1 Cisco | 2 Ios, Ios Xe | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399. | |||||
| CVE-2016-6439 | 1 Cisco | 1 Firepower Management Center | 2017-07-29 | 4.3 MEDIUM | 7.5 HIGH |
| A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an HTTP packet stream. An attacker could exploit this vulnerability by sending a crafted HTTP packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. | |||||
| CVE-2016-6455 | 1 Cisco | 2 Asr 5000 Software, Asr 5500 | 2017-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147. | |||||
| CVE-2016-9312 | 2 Microsoft, Ntp | 2 Windows, Ntp | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | |||||
| CVE-2016-6466 | 1 Cisco | 2 Asr 5000 Series Software, Virtualized Packet Core | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147. | |||||
| CVE-2016-7539 | 1 Imagemagick | 1 Imagemagick | 2017-07-27 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2016-5396 | 1 Apache | 1 Traffic Server | 2017-07-11 | 7.8 HIGH | 7.5 HIGH |
| Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | |||||
| CVE-2016-1350 | 1 Cisco | 2 Ios, Ios Xe | 2017-05-12 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | |||||
| CVE-2016-6368 | 1 Cisco | 1 Firepower Management Center | 2017-05-06 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876. | |||||
| CVE-2016-9954 | 1 Irregex Project | 1 Irregex | 2017-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern. | |||||
| CVE-2016-7551 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2017-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | |||||
| CVE-2012-6697 | 2 Debian, Inspire Ircd | 2 Debian Linux, Inspircd | 2017-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2016-8797 | 1 Huawei | 18 Ar3200, Ar3200 Firmware, S12700 and 15 more | 2017-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion. | |||||
| CVE-2014-3221 | 1 Huawei | 2 Eudemon8000e, Eudemon8000e Firmware | 2017-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device. | |||||
| CVE-2014-3224 | 1 Huawei | 14 Quidway S5300, Quidway S5300 Firmware, Quidway S5700 and 11 more | 2017-04-05 | 7.8 HIGH | 7.5 HIGH |
| Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products. | |||||
| CVE-2016-10227 | 1 Zyxel | 4 Nwa3560-n, Nwa3560-n Firmware, Usg50 and 1 more | 2017-03-29 | 7.8 HIGH | 7.5 HIGH |
| Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. | |||||
| CVE-2016-9740 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-03-09 | 7.8 HIGH | 7.5 HIGH |
| IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556. | |||||
| CVE-2015-8858 | 1 Uglifyjs Project | 1 Uglifyjs | 2017-03-02 | 7.8 HIGH | 7.5 HIGH |
| The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." | |||||
| CVE-2015-8315 | 1 Nodejs | 1 Node.js | 2017-03-02 | 7.8 HIGH | 7.5 HIGH |
| The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | |||||
| CVE-2016-6173 | 1 Nlnetlabs | 1 Nsd | 2017-02-24 | 7.8 HIGH | 7.5 HIGH |
| NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. | |||||
| CVE-2016-5042 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section. | |||||
| CVE-2016-5417 | 1 Gnu | 1 Glibc | 2017-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. | |||||
| CVE-2016-8919 | 1 Ibm | 1 Websphere Application Server | 2017-02-13 | 7.8 HIGH | 7.5 HIGH |
| IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. | |||||
| CVE-2016-10153 | 1 Linux | 1 Linux Kernel | 2017-02-09 | 7.2 HIGH | 7.8 HIGH |
| The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. | |||||
| CVE-2016-5822 | 1 Huawei | 1 Oceanstor 5800 V3 | 2017-02-08 | 7.8 HIGH | 7.5 HIGH |
| Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. | |||||
| CVE-2016-7544 | 2 Cryptopp, Microsoft | 2 Crypto\+\+, Windows | 2017-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed. | |||||