Vulnerabilities (CVE)

Filtered by CWE-770
Total 1886 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12435 1 Imagemagick 1 Imagemagick 2026-06-17 7.8 HIGH 7.5 HIGH
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
CVE-2017-12432 1 Imagemagick 1 Imagemagick 2026-06-17 7.1 HIGH 6.5 MEDIUM
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
CVE-2017-12430 1 Imagemagick 1 Imagemagick 2026-06-17 7.8 HIGH 7.5 HIGH
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
CVE-2017-12429 1 Imagemagick 1 Imagemagick 2026-06-17 7.8 HIGH 7.5 HIGH
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
CVE-2017-12144 1 Ytnef Project 1 Ytnef 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-12132 1 Gnu 1 Glibc 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
CVE-2017-11525 1 Imagemagick 1 Imagemagick 2026-06-17 7.1 HIGH 6.5 MEDIUM
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-11468 2 Docker, Redhat 2 Docker Registry, Enterprise Linux Server 2026-06-17 5.0 MEDIUM 7.5 HIGH
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
CVE-2017-0771 1 Google 1 Android 2026-06-17 7.1 HIGH 5.5 MEDIUM
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.
CVE-2017-0725 1 Google 1 Android 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194.
CVE-2017-0612 1 Linux 1 Linux Kernel 2026-06-17 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845.
CVE-2016-8576 4 Debian, Opensuse, Qemu and 1 more 6 Debian Linux, Leap, Qemu and 3 more 2026-06-17 2.1 LOW 6.0 MEDIUM
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVE-2016-4074 1 Jq Project 1 Jq 2026-06-17 7.8 HIGH 7.5 HIGH
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
CVE-2016-20013 2 Sha256crypt Project, Sha512crypt Project 2 Sha256crypt, Sha512crypt 2026-06-17 5.0 MEDIUM 7.5 HIGH
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
CVE-2014-125127 1 Flightphp 1 Flight 2026-06-17 N/A 7.5 HIGH
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application needs it. An attacker can exploit this by sending requests with large payloads, causing excessive memory consumption and potentially exhausting available server memory, leading to application crashes or service unavailability. The vulnerability was fixed in v1.2 by implementing lazy loading of request bodies.
CVE-2011-0419 9 Apache, Apple, Debian and 6 more 10 Http Server, Portable Runtime, Mac Os X and 7 more 2026-06-16 4.3 MEDIUM N/A
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
CVE-2009-4017 3 Apple, Debian, Php 3 Mac Os X, Debian Linux, Php 2026-06-16 5.0 MEDIUM N/A
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
CVE-2009-2726 1 Digium 3 Asterisk, S800i, S800i Firmware 2026-06-16 7.8 HIGH N/A
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
CVE-2009-2540 1 Opera 1 Opera Browser 2026-06-16 4.3 MEDIUM N/A
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-2054 1 Cisco 1 Unified Communications Manager 2026-06-16 7.8 HIGH N/A
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.