Total: 150 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6580 | 1 Python | 1 Python Priority Library | 2017-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| An HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree. | |||||
| CVE-2016-6581 | 1 Python | 2 Hpack, Hyper | 2017-01-27 | 7.8 HIGH | 7.5 HIGH |
| An HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine. | |||||
| CVE-2015-8855 | 1 Nodejs | 1 Node.js | 2017-01-26 | 7.8 HIGH | 7.5 HIGH |
| The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | |||||
| CVE-2016-6894 | 1 Arista | 6 Dcs-7050q, Dcs-7050q Eos Software, Dcs-7050s and 3 more | 2017-01-07 | 7.8 HIGH | 7.5 HIGH |
| Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane. | |||||
| CVE-2016-6467 | 1 Cisco | 2 Asr 5000, Asr 5000 Series Software | 2017-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. | |||||
| CVE-2016-6469 | 1 Cisco | 1 Web Security Appliance | 2017-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010. | |||||
| CVE-2016-9205 | 1 Cisco | 1 Ios Xr | 2017-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL. | |||||
| CVE-2015-7540 | 1 Samba | 1 Samba | 2016-12-31 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets. | |||||
| CVE-2015-6574 | 1 Sisco | 4 Ax-s4 Iccp, Ax-s4 Iccp Firmware, Mms-ease and 1 more | 2016-12-23 | 7.8 HIGH | 7.5 HIGH |
| The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. | |||||
| CVE-2016-9198 | 1 Cisco | 1 Identity Services Engine | 2016-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199). | |||||
| CVE-2015-6432 | 1 Cisco | 1 Ios Xr | 2016-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | |||||
| CVE-2015-6421 | 1 Cisco | 1 Wide Area Application Services | 2016-12-07 | 7.8 HIGH | 7.5 HIGH |
| cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330. | |||||
| CVE-2015-6320 | 1 Cisco | 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more | 2016-12-07 | 7.8 HIGH | 7.5 HIGH |
| The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138. | |||||
| CVE-2016-0738 | 1 Openstack | 1 Swift | 2016-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | |||||
| CVE-2015-6398 | 1 Cisco | 1 Nx-os | 2016-12-06 | 7.8 HIGH | 7.5 HIGH |
| Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. | |||||
| CVE-2016-1326 | 1 Cisco | 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. | |||||
| CVE-2016-1362 | 1 Cisco | 1 Aireos | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747. | |||||
| CVE-2016-1349 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | |||||
| CVE-2016-1348 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | |||||
| CVE-2016-1312 | 1 Cisco | 2 Asa 5500 Csc-ssm, Asa 5500 Csc-ssm Firmware | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. | |||||
| CVE-2016-0737 | 1 Openstack | 1 Swift | 2016-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | |||||
| CVE-2015-7400 | 1 Ibm | 1 Mashups Center | 2016-12-03 | 6.8 MEDIUM | 7.7 HIGH |
| The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-6313 | 1 Cisco | 7 Telepresence Server 7010, Telepresence Server Mse 8710, Telepresence Server On Multiparty Media 310 and 4 more | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. | |||||
| CVE-2015-0718 | 1 Cisco | 3 Nx-os, Nx-os 1000v Switch, Unified Computing System | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. | |||||
| CVE-2016-1369 | 1 Cisco | 1 Asa With Firepower Services | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922. | |||||
| CVE-2016-1383 | 1 Cisco | 2 Web Security Appliance, Web Security Appliance (wsa) | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. | |||||
| CVE-2016-1381 | 1 Cisco | 1 Web Security Appliance | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270. | |||||
| CVE-2016-6355 | 1 Cisco | 1 Ios Xr | 2016-11-28 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. | |||||
| CVE-2016-5350 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 7.5 HIGH |
| epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2016-5368 | 1 Huawei | 2 Ar3200, Ar3200 Firmware | 2016-11-28 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets. | |||||
| CVE-2015-8978 | 1 Soap\ | 1 \ | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML. | |||||
| CVE-2016-0741 | 2 Fedoraproject, Redhat | 6 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2016-10-12 | 7.8 HIGH | 7.5 HIGH |
| slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. | |||||
| CVE-2016-6518 | 1 Huawei | 16 S12700, S12700 Firmware, S5300 and 13 more | 2016-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets. | |||||
| CVE-2016-3767 | 1 Google | 1 Android | 2016-07-12 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526. | |||||
| CVE-2016-3765 | 1 Google | 1 Android | 2016-07-12 | 6.4 MEDIUM | 7.7 HIGH |
| decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413. | |||||
| CVE-2016-3754 | 1 Google | 1 Android | 2016-07-11 | 7.8 HIGH | 7.5 HIGH |
| mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448. | |||||
| CVE-2016-0260 | 1 Ibm | 1 Websphere Mq | 2016-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors. | |||||
| CVE-2016-4021 | 2 Fedoraproject, Pgpdump Project | 2 Fedora, Pgpdump | 2016-06-15 | 7.8 HIGH | 7.5 HIGH |
| The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. | |||||
| CVE-2014-9747 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2016-06-08 | 5.0 MEDIUM | 7.5 HIGH |
| The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | |||||
| CVE-2016-4423 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2016-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | |||||
| CVE-2016-0877 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-05-31 | 7.8 HIGH | 7.5 HIGH |
| Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. | |||||
| CVE-2016-2536 | 2 Google, Sap | 2 Sketchup, 3d Visual Enterprise Viewer | 2016-05-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. | |||||
| CVE-2015-5727 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2016-05-13 | 7.8 HIGH | 7.5 HIGH |
| The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||||
| CVE-2016-2094 | 1 Jboss | 1 Enterprise Application Platform | 2016-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. | |||||
| CVE-2016-1368 | 1 Cisco | 1 Firesight System Software | 2016-05-09 | 7.8 HIGH | 7.5 HIGH |
| Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. | |||||
| CVE-2016-1269 | 1 Juniper | 1 Junos | 2016-04-20 | 7.8 HIGH | 7.5 HIGH |
| Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R8, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4-S1, 15.1 before 15.1R2, 15.1X49 before 15.1X49-D30, and 16.1 before 16.1R1 allow remote attackers to cause a denial of service (socket consumption) via crafted TCP timestamps. | |||||
| CVE-2016-2515 | 1 Hawk Project | 1 Hawk | 2016-04-20 | 7.8 HIGH | 7.5 HIGH |
| Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression. | |||||
| CVE-2015-6925 | 1 Wolfssl | 1 Wolfssl | 2016-01-25 | 5.0 MEDIUM | 7.5 HIGH |
| wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. | |||||
| CVE-2015-8230 | 1 Huawei | 1 Espace 8950 | 2016-01-12 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets. | |||||
| CVE-2015-8231 | 1 Huawei | 2 Espace 7910, Espace 7950 | 2016-01-12 | 7.8 HIGH | 7.5 HIGH |
| Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. | |||||
