Total
1574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7428 | 1 Mapsplugin | 1 Googlemaps | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php. | |||||
CVE-2017-2889 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. | |||||
CVE-2017-1000191 | 1 Jool | 1 Jool | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS. | |||||
CVE-2014-3651 | 1 Keycloak | 1 Keycloak | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation. | |||||
CVE-2017-2884 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability. | |||||
CVE-2017-1000378 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions. | |||||
CVE-2015-2312 | 1 Capnproto | 1 Capnproto | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements. | |||||
CVE-2017-13825 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file. | |||||
CVE-2017-7086 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function. | |||||
CVE-2017-10922 | 1 Xen | 1 Xen | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. | |||||
CVE-2017-9259 | 1 Surina | 1 Soundtouch | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. | |||||
CVE-2017-15298 | 2 Canonical, Git-scm | 2 Ubuntu Linux, Git | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. | |||||
CVE-2014-7813 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols. | |||||
CVE-2017-11530 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
CVE-2017-12140 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. | |||||
CVE-2017-14616 | 1 Watchguard | 1 Fireware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible. | |||||
CVE-2017-14341 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | |||||
CVE-2017-17682 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | |||||
CVE-2017-12318 | 1 Cisco | 2 Rf Gateway 1, Rf Gateway 1 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887. | |||||
CVE-2017-6043 | 1 Trihedral | 1 Vtscada | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. |