Vulnerabilities (CVE)

Filtered by CWE-400
Total 1928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4602 1 Avira 10 Antivir Mailgate, Antivir Mailgate Suite, Antivir Personal and 7 more 2020-02-18 7.1 HIGH 5.5 MEDIUM
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.
CVE-2012-0810 1 Linux 1 Linux Kernel 2020-02-14 4.9 MEDIUM 5.5 MEDIUM
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.
CVE-2017-0938 1 Ui 4 Airmax Ac, Airos, Edgemax and 1 more 2020-02-13 5.0 MEDIUM 7.5 HIGH
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
CVE-2016-1544 2 Fedoraproject, Nghttp2 2 Fedora, Nghttp2 2020-02-10 2.1 LOW 3.3 LOW
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
CVE-2020-5236 1 Agendaless 1 Waitress 2020-02-06 6.8 MEDIUM 6.5 MEDIUM
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible.
CVE-2020-8123 1 Strapi 1 Strapi 2020-02-06 4.0 MEDIUM 4.9 MEDIUM
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
CVE-2019-16018 1 Cisco 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more 2020-02-03 4.3 MEDIUM 6.5 MEDIUM
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes&rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
CVE-2019-5472 1 Gitlab 1 Gitlab 2020-01-31 5.0 MEDIUM 7.5 HIGH
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.
CVE-2013-3074 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2020-01-30 7.8 HIGH 7.5 HIGH
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
CVE-2012-4863 1 Ibm 1 Websphere Mq 2020-01-30 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability
CVE-2019-16022 1 Cisco 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more 2020-01-29 5.0 MEDIUM 8.6 HIGH
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
CVE-2019-16020 1 Cisco 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more 2020-01-29 5.0 MEDIUM 8.6 HIGH
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
CVE-2015-5333 2 Openbsd, Opensuse 2 Libressl, Opensuse 2020-01-29 5.0 MEDIUM 7.5 HIGH
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
CVE-2020-3131 2 Cisco, Microsoft 2 Webex Teams, Windows 2020-01-28 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131.
CVE-2008-7314 1 Mirc 1 Mirc 2020-01-27 5.0 MEDIUM 7.5 HIGH
mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.
CVE-2013-4175 1 Mysecureshell Project 1 Mysecureshell 2020-01-27 2.1 LOW 5.5 MEDIUM
MySecureShell 1.31 has a Local Denial of Service Vulnerability
CVE-2012-6083 1 Freeciv 1 Freeciv 2020-01-27 7.8 HIGH 7.5 HIGH
Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.
CVE-2020-6173 1 Linuxfoundation 1 The Update Framework 2020-01-21 5.0 MEDIUM 5.3 MEDIUM
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.
CVE-2019-20146 1 Gitlab 1 Gitlab 2020-01-17 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption.
CVE-2014-3447 1 Bss Continuity Cms Project 1 Bss Continuty Cms 2020-01-14 5.0 MEDIUM 7.5 HIGH
BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability