Vulnerabilities (CVE)

Filtered by CWE-400
Total 1928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-5056 1 Maradns 1 Maradns 2020-08-14 2.1 LOW N/A
The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.
CVE-2014-8559 6 Canonical, Linux, Novell and 3 more 11 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 8 more 2020-08-13 4.9 MEDIUM 5.5 MEDIUM
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
CVE-2011-1083 3 Linux, Redhat, Suse 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2020-08-12 4.9 MEDIUM N/A
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
CVE-2010-0205 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2020-08-07 4.3 MEDIUM N/A
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
CVE-2020-8192 1 Fastify 1 Fastify 2020-08-06 4.0 MEDIUM 6.5 MEDIUM
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
CVE-2011-1640 1 Cisco 1 Ios 2020-08-05 7.8 HIGH 7.5 HIGH
The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354.
CVE-2017-5972 1 Linux 1 Linux Kernel 2020-07-31 7.8 HIGH 7.5 HIGH
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
CVE-2012-0260 5 Canonical, Debian, Imagemagick and 2 more 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2014-7255 1 Iij 8 Seil B1, Seil B1 Firmware, Seil X1 and 5 more 2020-07-31 5.0 MEDIUM 7.5 HIGH
Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent.
CVE-2012-0382 1 Cisco 2 Ios, Ios Xe 2020-07-30 7.8 HIGH 7.5 HIGH
The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857.
CVE-2012-0058 1 Linux 1 Linux Kernel 2020-07-29 4.9 MEDIUM 5.5 MEDIUM
The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.
CVE-2020-8175 1 Jpeg-js Project 1 Jpeg-js 2020-07-27 4.3 MEDIUM 5.5 MEDIUM
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image.
CVE-2017-3857 1 Cisco 2 Ios, Ios Xe 2020-07-27 7.8 HIGH 7.5 HIGH
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.
CVE-2020-3351 1 Cisco 10 Sd-wan Firmware, Vedge 100, Vedge 1000 and 7 more 2020-07-23 7.8 HIGH 8.6 HIGH
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.
CVE-2020-7584 1 Siemens 4 Simatic S7-200 Smart Sr Cpu, Simatic S7-200 Smart Sr Cpu Firmware, Simatic S7-200 Smart St Cpu and 1 more 2020-07-17 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incomming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation.
CVE-2020-5603 1 Mitsubishielectric 20 Cpu Module Logging Configuration Tool, Cw Configurator, Em Configurator and 17 more 2020-07-09 5.0 MEDIUM 7.5 HIGH
Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.
CVE-2020-12603 1 Envoyproxy 1 Envoy 2020-07-09 5.0 MEDIUM 7.5 HIGH
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
CVE-2020-8663 1 Envoyproxy 1 Envoy 2020-07-08 5.0 MEDIUM 7.5 HIGH
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
CVE-2020-9611 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2020-06-30 4.3 MEDIUM 5.5 MEDIUM
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.
CVE-2018-21250 1 Mattermost 1 Mattermost Server 2020-06-29 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.