Vulnerabilities (CVE)

Filtered by CWE-400
Total 1619 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4668 1 Linux 1 Linux Kernel 2024-11-21 4.7 MEDIUM N/A
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163.
CVE-2010-4251 3 Linux, Redhat, Vmware 3 Linux Kernel, Enterprise Linux, Esx 2024-11-21 7.8 HIGH 7.5 HIGH
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
CVE-2010-4249 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 4.9 MEDIUM N/A
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
CVE-2010-4243 1 Linux 1 Linux Kernel 2024-11-21 4.9 MEDIUM N/A
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
CVE-2010-3858 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 4.9 MEDIUM N/A
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
CVE-2010-3705 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 8.3 HIGH N/A
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.
CVE-2010-3698 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 4.9 MEDIUM N/A
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT).
CVE-2010-0205 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2024-11-21 4.3 MEDIUM N/A
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
CVE-2009-3621 6 Canonical, Fedoraproject, Linux and 3 more 8 Ubuntu Linux, Fedora, Linux Kernel and 5 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
CVE-2009-3270 1 Microsoft 1 Internet Explorer 2024-11-21 5.0 MEDIUM N/A
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
CVE-2009-3267 1 Microsoft 1 Internet Explorer 2024-11-21 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
CVE-2009-2521 1 Microsoft 1 Internet Information Services 2024-11-21 5.0 MEDIUM N/A
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
CVE-2009-1891 5 Apache, Canonical, Debian and 2 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 7.1 HIGH N/A
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
CVE-2009-1890 5 Apache, Canonical, Debian and 2 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 7.1 HIGH N/A
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
CVE-2008-7314 1 Mirc 1 Mirc 2024-11-21 5.0 MEDIUM 7.5 HIGH
mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.
CVE-2008-4077 2 Ledgersmb, Sql-ledger 2 Ledgersmb, Sql-ledger 2024-11-21 7.8 HIGH N/A
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
CVE-2008-3534 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 4.9 MEDIUM N/A
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
CVE-2008-0132 1 Pragmasys 1 Fortress Ssh 2024-11-21 5.0 MEDIUM N/A
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
CVE-2007-4725 1 7-zip 1 7-zip 2024-11-21 6.8 MEDIUM N/A
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
CVE-2007-2650 2 Clamav, Debian 2 Clamav, Debian Linux 2024-11-21 4.3 MEDIUM N/A
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.