Total: 1929 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-7068 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour. | |||||
CVE-2016-1544 | 2 Fedoraproject, Nghttp2 | 2 Fedora, Nghttp2 | 2024-11-21 | 2.1 LOW | 3.3 LOW |
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | |||||
CVE-2016-10724 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. | |||||
CVE-2016-10524 | 1 I18n-node-angular Project | 1 I18n-node-angular | 2024-11-21 | 6.0 MEDIUM | 8.2 HIGH |
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments; a malicious user could fill up the server, causing a Denial of Service or content injection. | |||||
CVE-2015-9548 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. | |||||
CVE-2015-9253 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. | |||||
CVE-2015-5333 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | |||||
CVE-2015-4412 | 1 Bson Project | 1 Bson | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string. | |||||
CVE-2015-4411 | 2 Fedoraproject, Mongodb | 2 Fedora, Bson | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | |||||
CVE-2014-8937 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. | |||||
CVE-2014-3648 | 1 Redhat | 1 Jboss Aerogear | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached, or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP endpoint they want. This turns the server into a DDoS vector or an anonymizer for the posting of malware and so on. | |||||
CVE-2014-3447 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
BSS Continuity CMS 4.2.22640.0 has a Remote Denial of Service vulnerability. | |||||
CVE-2014-2885 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c. | |||||
CVE-2014-0212 | 1 Apache | 1 Qpid-cpp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
qpid-cpp: ACL policies are only loaded if the acl-file option is specified, enabling DoS by consuming all available file descriptors. | |||||
CVE-2013-7470 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. | |||||
CVE-2013-4602 | 1 Avira | 10 Antivir Mailgate, Antivir Mailgate Suite, Antivir Personal and 7 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine. | |||||
CVE-2013-4175 | 1 Mysecureshell Project | 1 Mysecureshell | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
MySecureShell 1.31 has a Local Denial of Service vulnerability. | |||||
CVE-2013-4120 | 1 Theforeman | 1 Katello | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Katello has a Denial of Service vulnerability in API OAuth authentication. | |||||
CVE-2013-3691 | 1 Ovislink | 2 Airlive Poe2600hd, Airlive Poe2600hd Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. | |||||
CVE-2013-3074 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash). |