| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
|
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640.
|
|
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.
|
| OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. |
| VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982. |
| Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function. |
| The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. |
| Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. |
| epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. |
| epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. |
| Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. |
| The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. |
| The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability. |
| The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. |
| Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361. |
| The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233. |
| Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379. |
| The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223. |
| The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150. |
| The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. |
| Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331. |