Vulnerabilities (CVE)

Filtered by CWE-400
Total 1614 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4251 3 Linux, Redhat, Vmware 3 Linux Kernel, Enterprise Linux, Esx 2024-02-28 7.8 HIGH 7.5 HIGH
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
CVE-2011-4838 1 Jruby 1 Jruby 2024-02-28 5.0 MEDIUM N/A
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVE-2010-0205 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2024-02-28 4.3 MEDIUM N/A
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
CVE-2011-1083 3 Linux, Redhat, Suse 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2024-02-28 4.9 MEDIUM N/A
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
CVE-2010-4671 1 Cisco 1 Ios 2024-02-28 7.8 HIGH N/A
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.
CVE-2011-0999 1 Linux 1 Linux Kernel 2024-02-28 4.9 MEDIUM N/A
mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application.
CVE-2011-2689 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-02-28 4.9 MEDIUM N/A
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.
CVE-2011-3348 2 Apache, Redhat 3 Http Server, Enterprise Linux, Jboss Enterprise Web Server 2024-02-28 4.3 MEDIUM N/A
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
CVE-2011-0985 2 Debian, Google 2 Debian Linux, Chrome 2024-02-28 7.5 HIGH N/A
Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.
CVE-2010-4249 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-02-28 4.9 MEDIUM N/A
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
CVE-2010-3858 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-02-28 4.9 MEDIUM N/A
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
CVE-2011-1640 1 Cisco 1 Ios 2024-02-28 7.8 HIGH 7.5 HIGH
The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354.
CVE-2009-3621 6 Canonical, Fedoraproject, Linux and 3 more 8 Ubuntu Linux, Fedora, Linux Kernel and 5 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
CVE-2009-1891 5 Apache, Canonical, Debian and 2 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2024-02-28 7.1 HIGH N/A
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
CVE-2009-1890 5 Apache, Canonical, Debian and 2 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2024-02-28 7.1 HIGH N/A
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
CVE-2009-3270 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
CVE-2008-3534 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-02-28 4.9 MEDIUM N/A
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
CVE-2009-3267 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
CVE-2008-4077 2 Ledgersmb, Sql-ledger 2 Ledgersmb, Sql-ledger 2024-02-28 7.8 HIGH N/A
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
CVE-2009-2521 1 Microsoft 1 Internet Information Services 2024-02-28 5.0 MEDIUM N/A
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."