Vulnerabilities (CVE)

Filtered by CWE-400
Total 1447 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6535 1 Mitsubishielectric 36 Q03udecpu, Q03udecpu Firmware, Q03udvcpu and 33 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash.
CVE-2017-5693 1 Intel 2 Puma, Puma Firmware 2023-12-10 7.8 HIGH 7.5 HIGH
Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.
CVE-2018-19881 1 Artifex 1 Mupdf 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
CVE-2018-16845 5 Apple, Canonical, Debian and 2 more 5 Xcode, Ubuntu Linux, Debian Linux and 2 more 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
CVE-2018-16843 5 Apple, Canonical, Debian and 2 more 5 Xcode, Ubuntu Linux, Debian Linux and 2 more 2023-12-10 7.8 HIGH 7.5 HIGH
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
CVE-2016-9040 1 Joyent 1 Smartos 2023-12-10 4.9 MEDIUM 5.5 MEDIUM
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.
CVE-2018-15671 1 Hdfgroup 1 Hdf5 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.
CVE-2018-15396 1 Cisco 1 Unity Connection 2023-12-10 4.0 MEDIUM 6.8 MEDIUM
A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.
CVE-2018-0048 1 Juniper 1 Junos 2023-12-10 5.0 MEDIUM 7.5 HIGH
A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue only affects devices with JET support running Junos OS 17.2R1 and subsequent releases. Other versions of Junos OS are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3;
CVE-2018-6922 1 Freebsd 1 Freebsd 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.
CVE-2018-17281 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2023-12-10 5.0 MEDIUM 7.5 HIGH
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.
CVE-2018-3935 1 Yitechnology 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.
CVE-2018-10864 1 Redhat 2 Certification, Linux 2023-12-10 5.0 MEDIUM 6.2 MEDIUM
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.
CVE-2018-10608 1 Selinc 1 Acselerator Architect 2023-12-10 7.8 HIGH 7.5 HIGH
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required.
CVE-2018-14940 1 Phpcms 1 Phpcms 2023-12-10 5.0 MEDIUM 7.5 HIGH
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.
CVE-2018-0700 1 Hyuki 1 Yukiwiki 2023-12-10 7.8 HIGH 7.5 HIGH
YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition.
CVE-2018-5819 2 Debian, Libraw 2 Debian Linux, Libraw 2023-12-10 7.8 HIGH 7.5 HIGH
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
CVE-2017-1794 1 Ibm 1 Tivoli Monitoring 2023-12-10 6.0 MEDIUM 7.5 HIGH
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
CVE-2018-14596 1 Wancms 1 Wancms 2023-12-10 5.0 MEDIUM 7.5 HIGH
wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers.
CVE-2018-17898 1 Yokogawa 8 Fcj, Fcj Firmware, Fcn-100 and 5 more 2023-12-10 7.8 HIGH 7.5 HIGH
Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.