Vulnerabilities (CVE)

Filtered by CWE-400
Total 2003 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2225 1 Uclibc-ng Project 1 Uclibc-ng 2025-04-20 5.0 MEDIUM 7.5 HIGH
The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.
CVE-2016-10058 1 Imagemagick 1 Imagemagick 2025-04-20 7.1 HIGH 5.5 MEDIUM
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
CVE-2017-6024 1 Rockwellautomation 4 Compactlogix 5380, Compactlogix 5380 Firmware, Controllogix 5580 and 1 more 2025-04-20 7.1 HIGH 5.9 MEDIUM
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.
CVE-2015-2313 1 Capnproto 1 Capnproto 2025-04-20 7.8 HIGH 7.5 HIGH
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.
CVE-2016-7428 1 Ntp 1 Ntp 2025-04-20 3.3 LOW 4.3 MEDIUM
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
CVE-2017-12741 1 Siemens 76 Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware, Ek-ertec 200p and 73 more 2025-04-20 7.8 HIGH 7.5 HIGH
Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.
CVE-2017-2680 1 Siemens 183 S110 Pn, Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware and 180 more 2025-04-20 6.1 MEDIUM 6.5 MEDIUM
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
CVE-2017-12076 1 Synology 1 Diskstation Manager 2025-04-20 4.0 MEDIUM 4.9 MEDIUM
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
CVE-2017-2461 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
CVE-2017-2327 1 Juniper 1 Northstar Controller 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services.
CVE-2016-6312 1 Redhat 1 Enterprise Linux 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955.
CVE-2017-7285 1 Mikrotik 1 Routeros 2025-04-20 7.8 HIGH 7.5 HIGH
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
CVE-2016-6171 1 Knot-dns 1 Knot Dns 2025-04-20 5.0 MEDIUM 8.6 HIGH
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.
CVE-2016-9310 1 Ntp 1 Ntp 2025-04-20 6.4 MEDIUM 6.5 MEDIUM
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVE-2017-3856 1 Cisco 1 Ios Xe 2025-04-20 7.8 HIGH 7.5 HIGH
A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353.
CVE-2016-9039 1 Joyent 1 Smartos 2025-04-20 4.9 MEDIUM 6.2 MEDIUM
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service.
CVE-2013-7428 1 Mapsplugin 1 Googlemaps 2025-04-20 5.0 MEDIUM 7.5 HIGH
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.
CVE-2014-7813 1 Redhat 1 Cloudforms 3.0 Management Engine 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.
CVE-2017-14988 1 Openexr 1 Openexr 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid
CVE-2017-8338 1 Mikrotik 1 Routeros 2025-04-20 7.8 HIGH 7.5 HIGH
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.