Total
2547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0780 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications. | |||||
| CVE-2016-4921 | 1 Juniper | 1 Junos | 2026-05-13 | 7.8 HIGH | 7.5 HIGH |
| By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. Devices not configured to process IPv6 traffic are unaffected by this vulnerability. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.3 prior to 12.3R3-S4; 12.3X48 prior to 12.3X48-D30; 13.3 prior to 13.3R10, 13.3R4-S11; 14.1 prior to 14.1R2-S8, 14.1R4-S12, 14.1R8; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R6; 15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70. | |||||
| CVE-2015-5187 | 1 Candlepinproject | 1 Candlepin | 2026-05-13 | 6.4 MEDIUM | 6.5 MEDIUM |
| Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic. | |||||
| CVE-2016-9312 | 2 Microsoft, Ntp | 2 Windows, Ntp | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | |||||
| CVE-2016-8781 | 1 Huawei | 6 Secospace Usg6300, Secospace Usg6300 Firmware, Secospace Usg6500 and 3 more | 2026-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. | |||||
| CVE-2011-4650 | 1 Cisco | 1 Data Center Network Manager | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then the CPU utilization increases. Known Affected Releases: 5.2(1). Known Fixed Releases: 6.0(0)SL1(0.14) 5.2(2.73)S0. Product identification: CSCtt15295. | |||||
| CVE-2016-7539 | 1 Imagemagick | 1 Imagemagick | 2026-05-13 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2016-10153 | 1 Linux | 1 Linux Kernel | 2026-05-13 | 7.2 HIGH | 7.8 HIGH |
| The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. | |||||
| CVE-2016-9740 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2026-05-13 | 7.8 HIGH | 7.5 HIGH |
| IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556. | |||||
| CVE-2014-9850 | 4 Canonical, Imagemagick, Opensuse and 1 more | 8 Ubuntu Linux, Imagemagick, Opensuse and 5 more | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | |||||
| CVE-2016-6173 | 1 Nlnetlabs | 1 Nsd | 2026-05-13 | 7.8 HIGH | 7.5 HIGH |
| NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. | |||||
| CVE-2015-6377 | 1 Cisco | 1 Virtual Topology System | 2026-05-06 | 7.8 HIGH | N/A |
| Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379. | |||||
| CVE-2015-6295 | 1 Cisco | 8 Nexus 9000, Nexus 93120tx, Nexus 93128tx and 5 more | 2026-05-06 | 4.8 MEDIUM | N/A |
| Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. | |||||
| CVE-2016-5348 | 1 Google | 1 Android | 2026-05-06 | 7.1 HIGH | 5.9 MEDIUM |
| The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864. | |||||
| CVE-2015-2778 | 1 Quassel-irc | 1 Quassel | 2026-05-06 | 5.0 MEDIUM | N/A |
| Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. | |||||
| CVE-2015-1625 | 1 Microsoft | 1 Internet Explorer | 2026-05-06 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1634. | |||||
| CVE-2015-0045 | 1 Microsoft | 1 Internet Explorer | 2026-05-06 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0053. | |||||
| CVE-2015-3223 | 1 Samba | 1 Samba | 2026-05-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. | |||||
| CVE-2016-3156 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2026-05-06 | 2.1 LOW | 5.5 MEDIUM |
| The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. | |||||
| CVE-2016-3949 | 1 Siemens | 4 Simatic S7-300 With Profitnet Support, Simatic S7-300 With Profitnet Support Firmware, Simatic S7-300 Without Profitnet Support and 1 more | 2026-05-06 | 7.8 HIGH | 7.5 HIGH |
| Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets. | |||||