Total
1574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15193 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. | |||||
CVE-2017-10800 | 1 Graphicsmagick | 1 Graphicsmagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. | |||||
CVE-2017-12076 | 1 Synology | 1 Diskstation Manager | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | |||||
CVE-2017-14158 | 1 Scrapy | 1 Scrapy | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore. | |||||
CVE-2015-7384 | 1 Nodejs | 1 Node.js | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | |||||
CVE-2017-7684 | 1 Apache | 1 Openmeetings | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server. | |||||
CVE-2017-11142 | 1 Php | 1 Php | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. | |||||
CVE-2016-5004 | 1 Apache | 1 Ws-xmlrpc | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. | |||||
CVE-2017-17901 | 1 Zyxel | 2 P-660hw, P-660hw Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | |||||
CVE-2017-7670 | 1 Apache | 1 Traffic Control | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol. | |||||
CVE-2017-14360 | 1 Hp | 1 Content Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | |||||
CVE-2017-12293 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006. | |||||
CVE-2017-9845 | 1 Sap | 1 Netweaver | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. | |||||
CVE-2017-10608 | 1 Juniper | 13 Junos, Srx110, Srx1400 and 10 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure to the flowd daemon halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. This issues is not seen with to-host traffic. This issue has no relation with HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55 on SRX; 12.1X47 prior to 12.1X47-D45 on SRX; 12.3X48 prior to 12.3X48-D32, 12.3X48-D35 on SRX; 15.1X49 prior to 15.1X49-D60 on SRX. | |||||
CVE-2017-2734 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion. | |||||
CVE-2017-4920 | 1 Vmware | 1 Nsx-v Edge | 2024-02-28 | 7.1 HIGH | 5.9 MEDIUM |
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. | |||||
CVE-2017-8264 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. | |||||
CVE-2014-9697 | 1 Huawei | 6 Usg9520, Usg9520 Firmware, Usg9560 and 3 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. | |||||
CVE-2017-11140 | 1 Graphicsmagick | 1 Graphicsmagick | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. | |||||
CVE-2017-7132 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document. |