Total
1352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12132 | 1 Gnu | 1 Glibc | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. | |||||
| CVE-2017-6653 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803. | |||||
| CVE-2017-8779 | 3 Libtirpc Project, Ntirpc Project, Rpcbind Project | 3 Libtirpc, Ntirpc, Rpcbind | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. | |||||
| CVE-2017-0612 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845. | |||||
| CVE-2017-13763 | 1 Onosproject | 1 Onos | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. | |||||
| CVE-2017-12429 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service. | |||||
| CVE-2017-13133 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
| In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. | |||||
| CVE-2017-7963 | 1 Php | 1 Php | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior. | |||||
| CVE-2017-7696 | 1 Sap | 1 Sso Authentication Library | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. | |||||
| CVE-2017-6640 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346. | |||||
| CVE-2022-42531 | 1 Google | 1 Android | 2025-04-17 | N/A | 7.8 HIGH |
| In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A | |||||
| CVE-2024-57662 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
| An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57663 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
| An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57664 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
| An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57722 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | N/A | 7.5 HIGH |
| lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovg_surface_create. | |||||
| CVE-2022-45434 | 2 Dahuasecurity, Microsoft | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-14 | N/A | 5.9 MEDIUM |
| Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host. | |||||
| CVE-2016-8576 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. | |||||
| CVE-2016-4074 | 1 Jq Project | 1 Jq | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0. | |||||
| CVE-2020-36568 | 1 Revel | 1 Revel | 2025-04-11 | N/A | 7.5 HIGH |
| Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation. | |||||
| CVE-2025-0122 | 2025-04-11 | N/A | N/A | ||
| A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst of crafted packets to that device. | |||||