Vulnerabilities (CVE)

Filtered by CWE-400
Total 1619 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2322 1 Juniper 1 Northstar Controller 2024-02-28 2.1 LOW 5.5 MEDIUM
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
CVE-2016-9310 1 Ntp 1 Ntp 2024-02-28 6.4 MEDIUM 6.5 MEDIUM
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVE-2017-6552 1 Sagemcom 2 Livebox, Livebox Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.
CVE-2017-6632 1 Cisco 1 Firepower Threat Defense 2024-02-28 7.8 HIGH 7.5 HIGH
A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072.
CVE-2016-6213 1 Linux 1 Linux Kernel 2024-02-28 4.7 MEDIUM 4.7 MEDIUM
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
CVE-2015-7978 1 Ntp 1 Ntp 2024-02-28 5.0 MEDIUM 7.5 HIGH
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
CVE-2017-7940 1 Entropymine 1 Imageworsener 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2017-1000359 1 Opendaylight 1 Opendaylight 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
CVE-2016-8374 1 Schneider-electric 16 Magelis Gto Advanced Optimum Panel, Magelis Gto Advanced Optimum Panel Firmware, Magelis Gtu Universal Panel and 13 more 2024-02-28 7.8 HIGH 7.5 HIGH
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.
CVE-2016-9039 1 Joyent 1 Smartos 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service.
CVE-2017-2535 1 Apple 1 Mac Os X 2024-02-28 6.8 MEDIUM 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app.
CVE-2016-7426 4 Canonical, Hpe, Ntp and 1 more 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more 2024-02-28 4.3 MEDIUM 7.5 HIGH
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2016-4571 2 Debian, Mini-xml Project 2 Debian Linux, Mini-xml 2024-02-28 7.1 HIGH 5.5 MEDIUM
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVE-2016-3104 1 Mongodb 1 Mongodb 2024-02-28 5.0 MEDIUM 7.5 HIGH
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
CVE-2016-9643 1 Webkit 1 Webkit 2024-02-28 5.0 MEDIUM 7.5 HIGH
The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).
CVE-2017-8327 1 Entropymine 1 Imageworsener 2024-02-28 7.1 HIGH 6.5 MEDIUM
The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image.
CVE-2016-0747 5 Apple, Canonical, Debian and 2 more 5 Xcode, Ubuntu Linux, Debian Linux and 2 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
CVE-2016-5403 5 Canonical, Debian, Oracle and 2 more 13 Ubuntu Linux, Debian Linux, Linux and 10 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2014-3672 2 Redhat, Xen 2 Libvirt, Xen 2024-02-28 2.1 LOW 6.5 MEDIUM
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
CVE-2016-8666 1 Linux 1 Linux Kernel 2024-02-28 7.8 HIGH 7.5 HIGH
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.