Total
232 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7971 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. | ||||
| CVE-2015-8339 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. | ||||
| CVE-2015-8772 | 1 Mcafee | 1 File Lock | 2025-04-12 | N/A |
| McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. | ||||
| CVE-2015-8952 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. | ||||
| CVE-2016-0077 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | ||||
| CVE-2016-0808 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298. | ||||
| CVE-2016-10081 | 1 Shutter-project | 1 Shutter | 2025-04-12 | N/A |
| /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. | ||||
| CVE-2014-0227 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more | 2025-04-12 | N/A |
| java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | ||||
| CVE-2015-2188 | 6 Debian, Mageia, Opensuse and 3 more | 7 Debian Linux, Mageia, Opensuse and 4 more | 2025-04-12 | N/A |
| epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. | ||||
| CVE-2014-6610 | 1 Digium | 2 Asterisk, Certified Asterisk | 2025-04-12 | N/A |
| Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application. | ||||
| CVE-2013-4769 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | N/A |
| The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries. | ||||
| CVE-2010-0213 | 1 Isc | 1 Bind | 2025-04-11 | N/A |
| BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. | ||||
| CVE-2007-0494 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2025-04-09 | N/A |
| ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. | ||||
| CVE-2005-4856 | 1 Ez | 1 Ez Publish | 2025-04-03 | N/A |
| The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url". | ||||
| CVE-1999-0226 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. | ||||
| CVE-2018-0203 | 1 Cisco | 1 Unity Connection | 2024-12-02 | N/A |
| A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215. | ||||
| CVE-2018-0157 | 1 Cisco | 1 Ios Xe | 2024-12-02 | 8.6 High |
| A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296. | ||||
| CVE-2018-0177 | 1 Cisco | 117 4321 Integrated Services Router, 4331 Integrated Services Router, 4351 Integrated Services Router and 114 more | 2024-12-02 | 7.5 High |
| A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714. | ||||
| CVE-2018-0455 | 1 Cisco | 1 Firepower System Software | 2024-11-26 | N/A |
| A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. It is also possible that a manual reload of the device may be required to clear the condition. The vulnerability is due to incorrect SMB header validation. An attacker could exploit this vulnerability by sending a custom SMB file transfer through the targeted device. A successful exploit could cause the device to consume an excessive amount of system memory and prevent the SNORT process from forwarding network traffic. This vulnerability can be exploited using either IPv4 or IPv6 in combination with SMBv2 or SMBv3 network traffic. | ||||
| CVE-2018-0485 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-26 | N/A |
| A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a string sequence. A successful exploit could allow the attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a DoS condition on an affected device. | ||||