Total
1609 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7978 | 1 Ntp | 1 Ntp | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. | |||||
CVE-2017-7940 | 1 Entropymine | 1 Imageworsener | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | |||||
CVE-2017-1000359 | 1 Opendaylight | 1 Opendaylight | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. | |||||
CVE-2016-8374 | 1 Schneider-electric | 16 Magelis Gto Advanced Optimum Panel, Magelis Gto Advanced Optimum Panel Firmware, Magelis Gtu Universal Panel and 13 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION. | |||||
CVE-2016-9039 | 1 Joyent | 1 Smartos | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service. | |||||
CVE-2017-2535 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app. | |||||
CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | |||||
CVE-2016-4571 | 2 Debian, Mini-xml Project | 2 Debian Linux, Mini-xml | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | |||||
CVE-2016-3104 | 1 Mongodb | 1 Mongodb | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. | |||||
CVE-2016-9643 | 1 Webkit | 1 Webkit | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). | |||||
CVE-2017-8327 | 1 Entropymine | 1 Imageworsener | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image. | |||||
CVE-2016-0747 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. | |||||
CVE-2016-5403 | 5 Canonical, Debian, Oracle and 2 more | 13 Ubuntu Linux, Debian Linux, Linux and 10 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. | |||||
CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||
CVE-2016-8666 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. | |||||
CVE-2016-1784 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. | |||||
CVE-2016-4592 | 2 Apple, Webkitgtk | 5 Iphone Os, Safari, Tvos and 2 more | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. | |||||
CVE-2016-4037 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 4.9 MEDIUM | 6.0 MEDIUM |
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. | |||||
CVE-2015-1779 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | |||||
CVE-2016-6307 | 1 Openssl | 1 Openssl | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. |