Total
2764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16021 | 1 Garycourt | 1 Uri-js | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100% usage while uri-js is trying to validate if the supplied URL is valid or not. To check if you're vulnerable, look for a call to `require("uri-js").parse()` where a user is able to send their own input. Th ...
Show More |
|||||
| CVE-2017-16013 | 1 Hapijs | 1 Hapi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.
|
|||||
| CVE-2017-15345 | 1 Huawei | 2 Lon-l29d, Lon-l29d Firmware | 2024-11-21 | 5.7 MEDIUM | 5.3 MEDIUM |
|
Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot.
|
|||||
| CVE-2017-15323 | 1 Huawei | 20 Dp300, Dp300 Firmware, Ecns210 Td and 17 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10, eSpace U1981 V200R003C30 have a DoS vulnerability caused by memory exhaustion in some Huawei products. For lacking ...
Show More |
|||||
| CVE-2017-15133 | 1 Miekg-dns Prject | 1 Miekg-dns | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.
|
|||||
| CVE-2017-15132 | 3 Canonical, Debian, Dovecot | 3 Ubuntu Linux, Debian Linux, Dovecot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
|
|||||
| CVE-2017-15130 | 3 Canonical, Debian, Dovecot | 3 Ubuntu Linux, Debian Linux, Dovecot | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
|
|||||
| CVE-2017-15119 | 4 Canonical, Debian, Qemu and 1 more | 4 Ubuntu Linux, Debian Linux, Qemu and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.
|
|||||
| CVE-2017-14179 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
|
|||||
| CVE-2017-14177 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
|
|||||
| CVE-2017-13233 | 1 Google | 1 Android | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
|
In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602.
|
|||||
| CVE-2017-13211 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158.
|
|||||
| CVE-2017-12806 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
|
|||||
| CVE-2017-12805 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
|
|||||
| CVE-2017-12804 | 1 Entropymine | 1 Imageworsener | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file.
|
|||||
| CVE-2017-12174 | 2 Apache, Redhat | 4 Activemq Artemis, Enterprise Linux, Hornetq and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
|
|||||
| CVE-2017-12093 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability.
|
|||||
| CVE-2017-12090 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2024-11-21 | 7.8 HIGH | 7.7 HIGH |
|
An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability.
|
|||||
| CVE-2017-1000476 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
|
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
|
|||||
| CVE-2017-0938 | 1 Ui | 4 Airmax Ac, Airos, Edgemax and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
|
|||||
| CVE-2016-9596 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
|
|||||
| CVE-2016-9589 | 1 Redhat | 1 Jboss Wildfly Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
|
|||||
| CVE-2016-9040 | 1 Joyent | 1 Smartos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.
|
|||||
| CVE-2016-8627 | 1 Redhat | 2 Jboss Enterprise Application Platform, Keycloak | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.
|
|||||
| CVE-2016-8611 | 1 Openstack | 1 Glance | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
|
|||||
| CVE-2016-7072 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accep ...
Show More |
|||||
| CVE-2016-7068 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
|
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted q ...
Show More |
|||||
| CVE-2016-1544 | 2 Fedoraproject, Nghttp2 | 2 Fedora, Nghttp2 | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
|
|||||
| CVE-2016-10724 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
|
|||||
| CVE-2016-10544 | 1 Uws Project | 1 Uws | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8.
|
|||||
| CVE-2016-10542 | 1 Ws Project | 1 Ws | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
|
|||||
| CVE-2016-10540 | 1 Minimatch Project | 1 Minimatch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.
|
|||||
| CVE-2016-10539 | 1 Negotiator Project | 1 Negotiator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.
|
|||||
| CVE-2016-10527 | 1 Riot.js | 1 Riot-compiler | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The riot-compiler version version 2.3.21 has an issue in a regex (Catastrophic Backtracking) thats make it unusable under certain conditions.
|
|||||
| CVE-2016-10524 | 1 I18n-node-angular Project | 1 I18n-node-angular | 2024-11-21 | 6.0 MEDIUM | 8.2 HIGH |
|
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection.
|
|||||
| CVE-2016-10523 | 1 Mqtt-packet Project | 1 Mqtt-packet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.
|
|||||
| CVE-2016-10521 | 1 Jshamcrest Project | 1 Jshamcrest | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.
|
|||||
| CVE-2016-10520 | 1 Jadedown Project | 1 Jadedown | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.
|
|||||
| CVE-2015-9548 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
|
|||||
| CVE-2015-9253 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
|
|||||