Search
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9633 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | |||||
| CVE-2016-6424 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-15 | 6.1 MEDIUM | 6.5 MEDIUM |
| The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942. | |||||
| CVE-2016-1379 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-15 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576. | |||||
| CVE-2016-1385 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2023-08-15 | 6.8 MEDIUM | 6.5 MEDIUM |
| The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. | |||||
| CVE-2016-1546 | 1 Apache | 1 Http Server | 2021-06-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows. | |||||
| CVE-2015-8345 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-12-14 | 2.1 LOW | 6.5 MEDIUM |
| The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. | |||||
| CVE-2015-5332 | 1 Moodle | 1 Moodle | 2020-12-01 | 7.1 HIGH | 6.8 MEDIUM |
| Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature. | |||||
| CVE-2015-8959 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 7.1 HIGH | 6.5 MEDIUM |
| coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. | |||||
| CVE-2016-7907 | 1 Qemu | 1 Qemu | 2020-11-10 | 2.1 LOW | 4.4 MEDIUM |
| The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | |||||
| CVE-2011-2479 | 1 Linux | 1 Linux Kernel | 2020-07-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2016-5434 | 1 Pacman Project | 1 Pacman | 2020-04-21 | 7.1 HIGH | 5.5 MEDIUM |
| libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. | |||||
| CVE-2016-7166 | 3 Libarchive, Oracle, Redhat | 9 Libarchive, Linux, Enterprise Linux Desktop and 6 more | 2019-12-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. | |||||
| CVE-2015-2927 | 3 Debian, Nodejs, Uronode | 3 Debian Linux, Node.js, Uro Node | 2019-11-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | |||||
| CVE-2016-6188 | 1 Inverse | 1 Sogo | 2019-11-07 | 6.8 MEDIUM | 6.5 MEDIUM |
| Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. | |||||
| CVE-2017-14232 | 2 Flif, Jasper Project | 2 Flif, Jasper | 2019-10-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. | |||||
| CVE-2019-1700 | 1 Cisco | 2 Firepower 9000, Firepower 9000 Firmware | 2019-10-09 | 5.7 MEDIUM | 6.1 MEDIUM |
| A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. Manual intervention may be required before a device will resume normal operations. The vulnerability is due to a logic error in the FPGA related to the processing of different types of input packets. An attacker could exploit this vulnerability by being on the adjacent subnet and sending a crafted sequence of input packets to a specific interface on an affected device. A successful exploit could allow the attacker to cause a queue wedge condition on the interface. When a wedge occurs, the affected device will stop processing any additional packets that are received on the wedged interface. Version 2.2 is affected. | |||||
| CVE-2016-9592 | 1 Redhat | 1 Openshift | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit. | |||||
| CVE-2016-1584 | 1 Unity8 | 1 Unity8 | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input. | |||||
| CVE-2019-13648 | 1 Linux | 1 Linux Kernel | 2019-07-30 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. | |||||
| CVE-2017-11580 | 1 Blipcare | 2 Wi-fi Blood Pressure Monitor, Wi-fi Blood Pressure Monitor Firmware | 2019-07-15 | 6.1 MEDIUM | 6.5 MEDIUM |
| Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device could become completely unresponsive. Presumably this happens as the memory footprint provided to this device is very small. According to the specs from Rezolt, the Wi-Fi module only has 256k of memory. As a result, an incorrect string copy operation using either memcpy, strcpy, or any of their other variants could result in filling up the memory space allocated to the function executing and this would result in memory corruption. To test the theory, one can modify the demo application provided by the Cypress WICED SDK and introduce an incorrect "memcpy" operation and use the compiled application on the evaluation board provided by Cypress semiconductors with exactly the same Wi-Fi SOC. The results were identical where the device would completely stop responding to any of the ping or web requests. | |||||
| CVE-2016-1276 | 1 Juniper | 1 Junos | 2019-06-26 | 7.1 HIGH | 5.9 MEDIUM |
| Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules. | |||||
| CVE-2015-8677 | 1 Huawei | 26 S2300, S2300 Firmware, S2350ei and 23 more | 2019-06-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information. | |||||
| CVE-2019-12087 | 1 Samsung | 6 S10, S10 Firmware, S9\+ and 3 more | 2019-05-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| ** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact." | |||||
| CVE-2014-8171 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2019-04-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | |||||
| CVE-2014-9853 | 6 Canonical, Imagemagick, Novell and 3 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||||
| CVE-2016-1956 | 4 Linux, Mozilla, Novell and 1 more | 5 Linux Kernel, Firefox, Suse Package Hub For Suse Linux Enterprise and 2 more | 2018-10-30 | 7.1 HIGH | 6.5 MEDIUM |
| Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | |||||
| CVE-2016-4008 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Libtasn1 and 1 more | 2018-10-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. | |||||
| CVE-2016-6375 | 1 Cisco | 7 Wireless Lan Controller, Wireless Lan Controller Software, Wireless Lan Controller Software 6.0 and 4 more | 2018-10-30 | 5.7 MEDIUM | 5.3 MEDIUM |
| Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221. | |||||
| CVE-2016-10723 | 1 Linux | 1 Linux Kernel | 2018-08-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| ** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle." | |||||
| CVE-2016-6622 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-07-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-8883 | 1 Jasper Project | 1 Jasper | 2018-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||||
| CVE-2016-8650 | 1 Linux | 1 Linux Kernel | 2018-06-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | |||||
| CVE-2016-9191 | 1 Linux | 1 Linux Kernel | 2018-05-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. | |||||
| CVE-2015-9252 | 1 Qpdf Project | 1 Qpdf | 2018-05-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. | |||||
| CVE-2016-6308 | 1 Openssl | 1 Openssl | 2018-04-20 | 7.1 HIGH | 5.9 MEDIUM |
| statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. | |||||
| CVE-2016-5348 | 1 Google | 1 Android | 2018-04-19 | 7.1 HIGH | 5.9 MEDIUM |
| The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864. | |||||
| CVE-2015-7461 | 1 Ibm | 1 Connections | 2018-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. | |||||
| CVE-2016-8782 | 1 Huawei | 2 Cloudengine 12800, Cloudengine 12800 Firmware | 2018-03-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak. | |||||
| CVE-2016-8784 | 1 Huawei | 2 Cloudengine 12800, Cloudengine 12800 Firmware | 2018-03-26 | 3.3 LOW | 4.3 MEDIUM |
| Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak. | |||||
| CVE-2016-10259 | 1 Bluecoat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2018-02-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server. | |||||
| CVE-2016-2550 | 1 Linux | 1 Linux Kernel | 2018-01-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312. | |||||
| CVE-2016-5412 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.6 MEDIUM | 6.5 MEDIUM |
| arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. | |||||
| CVE-2016-2847 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2018-01-05 | 4.9 MEDIUM | 6.2 MEDIUM |
| fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. | |||||
| CVE-2015-8786 | 2 Oracle, Pivotal Software | 2 Solaris, Rabbitmq | 2018-01-05 | 6.8 MEDIUM | 6.5 MEDIUM |
| The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter. | |||||
| CVE-2016-2116 | 2 Canonical, Jasper Project | 2 Ubuntu Linux, Jasper | 2018-01-05 | 4.3 MEDIUM | 5.7 MEDIUM |
| Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. | |||||
| CVE-2016-3156 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2018-01-05 | 2.1 LOW | 5.5 MEDIUM |
| The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. | |||||
| CVE-2016-7046 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-12-15 | 7.1 HIGH | 5.9 MEDIUM |
| Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. | |||||
| CVE-2014-9686 | 1 Mapsplugin | 1 Googlemaps | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428. | |||||
| CVE-2015-5001 | 1 Ibm | 1 Websphere Portal | 2017-09-14 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document. | |||||
| CVE-2016-2523 | 1 Wireshark | 1 Wireshark | 2017-09-08 | 7.1 HIGH | 5.9 MEDIUM |
| The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||