Search Results (2713 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6628 1 Cisco 1 Wide Area Application Services 2025-04-20 N/A
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133.
CVE-2015-5187 1 Candlepinproject 1 Candlepin 2025-04-20 N/A
Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.
CVE-2017-3793 1 Cisco 1 Adaptive Security Appliance Software 2025-04-20 N/A
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321.
CVE-2016-5434 1 Pacman Project 1 Pacman 2025-04-20 N/A
libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.
CVE-2016-0780 2 Cloudfoundry, Pivotal Software 2 Cf-release, Cloud Foundry Elastic Runtime 2025-04-20 7.5 High
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.
CVE-2016-5417 1 Gnu 1 Glibc 2025-04-20 N/A
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
CVE-2017-6630 1 Cisco 2 Ip Phone 8800 Series Firmware, Ip Phone 8851 2025-04-20 N/A
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.
CVE-2017-6625 1 Cisco 1 Firepower Threat Defense 2025-04-20 N/A
A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361.
CVE-2016-10390 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.
CVE-2016-10292 1 Linux 1 Linux Kernel 2025-04-20 N/A
A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466.
CVE-2016-10252 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.
CVE-2015-8858 1 Uglifyjs Project 1 Uglifyjs 2025-04-20 N/A
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
CVE-2015-2927 3 Debian, Nodejs, Uronode 3 Debian Linux, Node.js, Uro Node 2025-04-20 N/A
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).
CVE-2016-6160 1 Broadcom 1 Tcpreplay 2025-04-20 N/A
tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
CVE-2016-9740 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-20 N/A
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556.
CVE-2017-6780 1 Cisco 2 Connected Grid Network Management System, Iot Field Network Director 2025-04-20 N/A
A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164.
CVE-2014-9637 4 Canonical, Fedoraproject, Gnu and 1 more 4 Ubuntu Linux, Fedora, Patch and 1 more 2025-04-20 N/A
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
CVE-2016-9312 2 Microsoft, Ntp 2 Windows, Ntp 2025-04-20 N/A
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.
CVE-2014-6438 1 Ruby-lang 1 Ruby 2025-04-20 N/A
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
CVE-2015-8345 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 6.5 Medium
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.