Total
945 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-8576 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2024-08-06 | 6.0 Medium |
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. | ||||
CVE-2016-7166 | 3 Libarchive, Oracle, Redhat | 10 Libarchive, Linux, Enterprise Linux and 7 more | 2024-08-06 | N/A |
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. | ||||
CVE-2016-6515 | 3 Fedoraproject, Openbsd, Redhat | 3 Fedora, Openssh, Enterprise Linux | 2024-08-06 | N/A |
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. | ||||
CVE-2016-6213 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-08-06 | N/A |
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. | ||||
CVE-2016-5547 | 2 Oracle, Redhat | 7 Jdk, Jre, Jrockit and 4 more | 2024-08-06 | N/A |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts). | ||||
CVE-2016-4809 | 3 Libarchive, Oracle, Redhat | 10 Libarchive, Linux, Enterprise Linux and 7 more | 2024-08-06 | N/A |
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. | ||||
CVE-2016-4074 | 1 Jq Project | 1 Jq | 2024-08-06 | 7.5 High |
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0. | ||||
CVE-2016-3500 | 2 Oracle, Redhat | 6 Jdk, Jre, Jrockit and 3 more | 2024-08-05 | N/A |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. | ||||
CVE-2016-3508 | 2 Oracle, Redhat | 6 Jdk, Jre, Jrockit and 3 more | 2024-08-05 | N/A |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. | ||||
CVE-2016-0751 | 2 Redhat, Rubyonrails | 3 Rhel Software Collections, Rails, Ruby On Rails | 2024-08-05 | N/A |
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. | ||||
CVE-2017-20016 | 1 Weka | 1 Interest Security Scanner | 2024-08-05 | 4.3 Medium |
A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an unknown input leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
CVE-2017-18899 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting. | ||||
CVE-2017-18258 | 2 Redhat, Xmlsoft | 4 Ansible Tower, Enterprise Linux, Jboss Core Services and 1 more | 2024-08-05 | N/A |
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. | ||||
CVE-2017-18229 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. | ||||
CVE-2017-18219 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. | ||||
CVE-2017-18028 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-08-05 | N/A |
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. | ||||
CVE-2024-26577 | 2024-08-05 | 7.5 High | ||
VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data. | ||||
CVE-2017-15596 | 1 Xen | 1 Xen | 2024-08-05 | N/A |
An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error. | ||||
CVE-2017-15124 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-08-05 | N/A |
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. | ||||
CVE-2017-14938 | 1 Gnu | 1 Binutils | 2024-08-05 | N/A |
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. |