Search Results (2918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7942 5 Canonical, Chromium, Google and 2 more 9 Ubuntu Linux, Chromium, Chrome and 6 more 2025-04-12 N/A
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2016-2179 3 Openssl, Oracle, Redhat 3 Openssl, Linux, Enterprise Linux 2025-04-12 N/A
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
CVE-2015-0643 1 Cisco 2 Ios, Ios Xe 2025-04-12 N/A
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572.
CVE-2015-1819 8 Apple, Canonical, Debian and 5 more 12 Iphone Os, Mac Os X, Tvos and 9 more 2025-04-12 N/A
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVE-2016-5426 1 Powerdns 1 Authoritative 2025-04-12 N/A
PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.
CVE-2015-5262 3 Apache, Canonical, Fedoraproject 3 Httpclient, Ubuntu Linux, Fedora 2025-04-12 N/A
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
CVE-2016-2109 2 Openssl, Redhat 12 Openssl, Enterprise Linux, Enterprise Linux Desktop and 9 more 2025-04-12 N/A
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
CVE-2015-8002 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
CVE-2015-8003 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
CVE-2014-7907 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods.
CVE-2014-8104 5 Canonical, Debian, Mageia and 2 more 6 Ubuntu Linux, Debian Linux, Mageia and 3 more 2025-04-12 N/A
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
CVE-2016-3156 4 Canonical, Linux, Novell and 1 more 12 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 9 more 2025-04-12 N/A
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVE-2014-8116 5 Canonical, File Project, Freebsd and 2 more 5 Ubuntu Linux, File, Freebsd and 2 more 2025-04-12 N/A
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
CVE-2014-8117 5 Canonical, File Project, Freebsd and 2 more 5 Ubuntu Linux, File, Freebsd and 2 more 2025-04-12 N/A
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
CVE-2015-8087 1 Huawei 6 Ne20e-s, Ne40e, Ne40e-m and 3 more 2025-04-12 N/A
Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to other VPNs and conduct flooding attacks via a crafted MPLS forwarding packet, aka a "VPN routing and forwarding (VRF) hopping vulnerability."
CVE-2014-8333 2 Openstack, Redhat 3 Nova, Enterprise Linux, Openstack 2025-04-12 N/A
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
CVE-2014-8414 1 Digium 2 Asterisk, Certified Asterisk 2025-04-12 N/A
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
CVE-2014-9296 2 Ntp, Redhat 3 Ntp, Enterprise Linux, Rhel Eus 2025-04-12 N/A
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
CVE-2014-9744 2 Opensuse, Polarssl 2 Opensuse, Polarssl 2025-04-12 N/A
Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
CVE-2014-9745 4 Canonical, Debian, Freetype and 1 more 4 Ubuntu Linux, Debian Linux, Freetype and 1 more 2025-04-12 N/A
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.