Total: 2554 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6188 | 1 Alinto | 1 Sogo | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. | |||||
CVE-2016-6301 | 1 Busybox | 1 Busybox | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. | |||||
CVE-2016-9225 | 1 Cisco | 1 Asa Cx Context-aware Security Software | 2023-12-10 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946. | |||||
CVE-2016-5434 | 1 Pacman Project | 1 Pacman | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. | |||||
CVE-2016-9221 | 1 Cisco | 1 Aironet Access Point Software | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85). | |||||
CVE-2015-8855 | 1 Nodejs | 1 Node.js | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | |||||
CVE-2015-7313 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. | |||||
CVE-2014-9854 | 4 Canonical, Imagemagick, Opensuse and 1 more | 7 Ubuntu Linux, Imagemagick, Leap and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | |||||
CVE-2016-9354 | 1 Moxa | 1 Dacenter | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. | |||||
CVE-2016-6581 | 1 Python | 2 Hpack, Hyper | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine. | |||||
CVE-2016-10252 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. | |||||
CVE-2016-6894 | 1 Arista | 6 Dcs-7050q, Dcs-7050q Eos Software, Dcs-7050s and 3 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane. | |||||
CVE-2016-8740 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | |||||
CVE-2015-8858 | 1 Uglifyjs Project | 1 Uglifyjs | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." | |||||
CVE-2016-5822 | 1 Huawei | 1 Oceanstor 5800 V3 | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. | |||||
CVE-2016-8883 | 1 Jasper Project | 1 Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||||
CVE-2014-9850 | 4 Canonical, Imagemagick, Opensuse and 1 more | 8 Ubuntu Linux, Imagemagick, Opensuse and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | |||||
CVE-2014-3221 | 1 Huawei | 2 Eudemon8000e, Eudemon8000e Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device. | |||||
CVE-2016-9220 | 1 Cisco | 1 Aironet Access Point Software | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91). | |||||
CVE-2016-6467 | 1 Cisco | 2 Asr 5000, Asr 5000 Series Software | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. | |||||