Search
Total
2332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1812 | 2 Fedoraproject, Janrain | 2 Fedora, Ruby-openid | 2013-12-13 | 4.3 MEDIUM | N/A |
| The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | |||||
| CVE-2012-1588 | 1 Drupal | 1 Drupal | 2013-12-13 | 3.5 LOW | N/A |
| Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address. | |||||
| CVE-2011-3946 | 1 Ffmpeg | 1 Ffmpeg | 2013-12-10 | 6.8 MEDIUM | N/A |
| The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. | |||||
| CVE-2011-3934 | 1 Ffmpeg | 1 Ffmpeg | 2013-12-10 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data. | |||||
| CVE-2013-6692 | 1 Cisco | 1 Ios Xe | 2013-11-22 | 6.3 MEDIUM | N/A |
| Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. | |||||
| CVE-2013-6801 | 1 Microsoft | 2 Windows Xp, Word | 2013-11-19 | 7.1 HIGH | N/A |
| Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue. | |||||
| CVE-2013-5553 | 1 Cisco | 1 Ios | 2013-11-08 | 7.8 HIGH | N/A |
| Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383. | |||||
| CVE-2013-5184 | 1 Apple | 1 Mac Os X | 2013-10-24 | 5.7 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. | |||||
| CVE-2013-5516 | 1 Cisco | 1 Telepresence Multipoint Switch | 2013-10-22 | 6.3 MEDIUM | N/A |
| The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796. | |||||
| CVE-2013-4712 | 1 Iodata | 7 Hdl-a\/e, Hdl-a Firmware, Hdl-ah and 4 more | 2013-10-21 | 6.8 MEDIUM | N/A |
| I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2013-5540 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2013-10-16 | 6.8 MEDIUM | N/A |
| The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519. | |||||
| CVE-2013-5750 | 1 Friends Of Symfony Project | 1 Fosuserbundle | 2013-10-15 | 5.0 MEDIUM | N/A |
| The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation. | |||||
| CVE-2013-4153 | 1 Redhat | 1 Libvirt | 2013-10-11 | 5.0 MEDIUM | N/A |
| Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command. | |||||
| CVE-2013-2218 | 1 Redhat | 1 Libvirt | 2013-10-11 | 5.0 MEDIUM | N/A |
| Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command. | |||||
| CVE-2013-1950 | 1 Redhat | 1 Libtirpc | 2013-10-11 | 4.3 MEDIUM | N/A |
| The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer. | |||||
| CVE-2013-0152 | 1 Xen | 1 Xen | 2013-10-11 | 4.7 MEDIUM | N/A |
| Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled. | |||||
| CVE-2012-3433 | 1 Xen | 1 Xen | 2013-10-11 | 4.9 MEDIUM | N/A |
| Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown. | |||||
| CVE-2012-3863 | 1 Digium | 4 Asterisk, Asterisk Business Edition, Asteriske and 1 more | 2013-10-10 | 4.0 MEDIUM | N/A |
| channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. | |||||
| CVE-2013-4284 | 1 Redhat | 1 Enterprise Mrg | 2013-10-10 | 5.0 MEDIUM | N/A |
| Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. | |||||
| CVE-2013-5473 | 1 Cisco | 2 Ios, Ios Xe | 2013-10-07 | 7.8 HIGH | N/A |
| Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. | |||||
| CVE-2013-4758 | 1 Rsyslog | 1 Rsyslog | 2013-10-07 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response. | |||||
| CVE-2013-5503 | 1 Cisco | 1 Ios Xr | 2013-10-03 | 7.8 HIGH | N/A |
| The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413. | |||||
| CVE-2013-3969 | 1 Mongodb | 1 Mongodb | 2013-10-02 | 6.5 MEDIUM | N/A |
| The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object. | |||||
| CVE-2013-4163 | 1 Linux | 1 Linux Kernel | 2013-10-02 | 4.7 MEDIUM | N/A |
| The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. | |||||
| CVE-2013-4205 | 1 Linux | 1 Linux Kernel | 2013-10-02 | 4.7 MEDIUM | N/A |
| Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call. | |||||
| CVE-2013-1121 | 1 Cisco | 1 Nx-os | 2013-09-20 | 5.4 MEDIUM | N/A |
| The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. | |||||
| CVE-2012-4067 | 1 Eucalyptus | 1 Eucalyptus | 2013-09-18 | 4.3 MEDIUM | N/A |
| Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request. | |||||
| CVE-2013-3459 | 1 Cisco | 1 Unified Communications Manager | 2013-09-11 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. | |||||
| CVE-2013-2800 | 1 Osisoft | 1 Pi Interface | 2013-08-29 | 5.0 MEDIUM | N/A |
| The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration packets. | |||||
| CVE-2013-3453 | 1 Cisco | 2 Unified Communications Manager, Unified Presence | 2013-08-29 | 7.8 HIGH | N/A |
| Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | |||||
| CVE-2013-2176 | 1 Redhat | 1 Enterprise Virtualization | 2013-08-29 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. | |||||
| CVE-2013-3387 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-08-27 | 7.8 HIGH | N/A |
| Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to port 5400, leading to large error-log files, aka Bug ID CSCua42724. | |||||
| CVE-2013-3389 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-08-27 | 7.8 HIGH | N/A |
| Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port (1) 61615 or (2) 61616, aka Bug ID CSCtz90114. | |||||
| CVE-2013-3390 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-08-27 | 7.8 HIGH | N/A |
| Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158. | |||||
| CVE-2013-3388 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-08-26 | 7.8 HIGH | N/A |
| Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776. | |||||
| CVE-2013-1767 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 6.2 MEDIUM | N/A |
| Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. | |||||
| CVE-2013-0217 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 5.2 MEDIUM | N/A |
| Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. | |||||
| CVE-2012-3517 | 1 Tor | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. | |||||
| CVE-2012-2921 | 1 Mark Pilgrim | 1 Feedparser | 2013-08-22 | 5.0 MEDIUM | N/A |
| Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document. | |||||
| CVE-2011-3918 | 1 Google | 1 Android | 2013-08-03 | 7.8 HIGH | N/A |
| The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application. | |||||
| CVE-2013-4127 | 1 Linux | 1 Linux Kernel | 2013-07-29 | 4.7 MEDIUM | N/A |
| Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine. | |||||
| CVE-2013-3418 | 1 Cisco | 1 Unified Communications Domain Manager | 2013-07-25 | 6.8 MEDIUM | N/A |
| Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. | |||||
| CVE-2011-0430 | 1 Openafs | 1 Openafs | 2013-07-10 | 7.5 HIGH | N/A |
| Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors. | |||||
| CVE-2013-3377 | 1 Cisco | 14 Ip Video Phone E20, Telepresence Codec C40, Telepresence Codec C60 and 11 more | 2013-06-21 | 7.8 HIGH | N/A |
| Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. | |||||
| CVE-2013-1969 | 1 Xmlsoft | 1 Libxml2 | 2013-06-21 | 7.5 HIGH | N/A |
| Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. | |||||
| CVE-2013-3381 | 1 Cisco | 1 Hosted Collaboration Solution | 2013-06-12 | 5.0 MEDIUM | N/A |
| Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756. | |||||
| CVE-2013-1843 | 1 Typo3 | 1 Typo3 | 2013-06-05 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-1213 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2013-06-04 | 5.0 MEDIUM | N/A |
| Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840. | |||||
| CVE-2013-1246 | 1 Cisco | 1 Telepresence System Software | 2013-06-03 | 6.8 MEDIUM | N/A |
| Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610. | |||||
| CVE-2013-2781 | 1 3s-software | 1 Codesys Gateway-server | 2013-05-23 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | |||||