CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-400

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000373 400 Exec Code 2017-06-19 2017-08-11
6.4
None Remote Low Not required None Partial Partial
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
2 CVE-2017-1000064 400 2017-07-17 2017-07-19
5.0
None Remote Low Not required None None Partial
kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS
3 CVE-2017-14342 400 2017-09-12 2017-09-15
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
4 CVE-2017-14341 400 2017-09-12 2017-09-15
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
5 CVE-2017-14229 400 DoS 2017-09-09 2017-09-14
5.0
None Remote Low Not required None None Partial
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
6 CVE-2017-14158 400 DoS 2017-09-05 2017-09-07
7.8
None Remote Low Not required None None Complete
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.
7 CVE-2017-12852 400 2017-08-15 2017-08-24
5.0
None Remote Low Not required None None Partial
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
8 CVE-2017-12077 400 DoS 2017-08-28 2017-08-31
4.0
None Remote Low Single system None None Partial
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
9 CVE-2017-12076 400 DoS 2017-08-28 2017-08-31
4.0
None Remote Low Single system None None Partial
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
10 CVE-2017-11530 400 DoS 2017-07-22 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
11 CVE-2017-11529 400 DoS 2017-07-22 2017-07-28
4.3
None Remote Medium Not required None None Partial
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
12 CVE-2017-11527 400 DoS 2017-07-22 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
13 CVE-2017-11526 400 DoS 2017-07-22 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
14 CVE-2017-11521 400 DoS 2017-07-22 2017-08-18
5.0
None Remote Low Not required None None Partial
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.
15 CVE-2017-11142 400 DoS 2017-07-10 2017-07-18
7.8
None Remote Low Not required None None Complete
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
16 CVE-2017-10922 400 DoS 2017-07-04 2017-08-21
5.0
None Remote Low Not required None None Partial
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
17 CVE-2017-10800 400 DoS 2017-07-02 2017-07-05
4.3
None Remote Medium Not required None None Partial
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
18 CVE-2017-10799 400 DoS 2017-07-02 2017-07-05
4.3
None Remote Medium Not required None None Partial
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
19 CVE-2017-9845 400 DoS 2017-07-12 2017-07-21
7.8
None Remote Low Not required None None Complete
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
20 CVE-2017-9627 400 DoS 2017-07-07 2017-07-13
5.0
None Remote Low Not required None None Partial
An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.
21 CVE-2017-9358 400 2017-06-02 2017-07-07
5.0
None Remote Low Not required None None Partial
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing a infinite loop and leading to memory exhaustion (by message logging in that loop).
22 CVE-2017-9259 400 DoS 2017-07-27 2017-08-11
4.3
None Remote Medium Not required None None Partial
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.
23 CVE-2017-9258 400 DoS 2017-07-27 2017-08-11
7.1
None Remote Medium Not required None None Complete
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.
24 CVE-2017-9129 400 DoS 2017-06-21 2017-07-05
4.3
None Remote Medium Not required None None Partial
The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file.
25 CVE-2017-9119 400 DoS 2017-05-21 2017-06-01
7.5
None Remote Low Not required Partial Partial Partial
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
26 CVE-2017-8112 400 DoS 2017-05-02 2017-06-30
4.9
None Local Low Not required None None Complete
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
27 CVE-2017-7940 400 2017-04-18 2017-06-30
4.3
None Remote Medium Not required None None Partial
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
28 CVE-2017-7935 400 2017-05-18 2017-05-26
7.8
None Remote Low Not required None None Complete
A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests.
29 CVE-2017-7594 400 DoS 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
30 CVE-2017-7285 400 2017-03-29 2017-04-10
7.8
None Remote Low Not required None None Complete
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
31 CVE-2017-7007 400 DoS 2017-07-20 2017-07-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).
32 CVE-2017-6314 400 DoS 2017-03-09 2017-03-13
4.3
None Remote Medium Not required None None Partial
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
33 CVE-2017-6043 400 2017-06-21 2017-06-27
7.8
None Remote Low Not required None None Complete
A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.
34 CVE-2017-6024 400 DoS 2017-05-05 2017-05-17
7.1
None Remote Medium Not required None None Complete
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.
35 CVE-2017-6019 400 2017-04-07 2017-08-15
7.8
None Remote Low Not required None None Complete
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
36 CVE-2017-6017 400 2017-06-29 2017-07-05
7.8
None Remote Low Not required None None Complete
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.
37 CVE-2017-5351 400 2017-01-12 2017-01-27
7.8
None Remote Low Not required None None Complete
Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.
38 CVE-2017-2348 400 DoS 2017-07-17 2017-08-15
5.0
None Remote Low Not required None None Partial
The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX.
39 CVE-2017-2315 400 DoS 2017-04-24 2017-07-10
7.8
None Remote Low Not required None None Complete
On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.
40 CVE-2017-0886 400 DoS 2017-04-05 2017-04-10
4.0
None Remote Low Single system None None Partial
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
41 CVE-2016-10058 400 DoS 2017-03-23 2017-03-24
7.1
None Remote Medium Not required None None Complete
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
42 CVE-2016-10047 400 DoS 2017-03-23 2017-03-24
7.1
None Remote Medium Not required None None Complete
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
43 CVE-2016-9916 400 DoS 2016-12-29 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.
44 CVE-2016-9915 400 DoS 2016-12-29 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.
45 CVE-2016-9914 400 DoS 2016-12-29 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
46 CVE-2016-9913 400 DoS 2016-12-29 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.
47 CVE-2016-9912 400 2016-12-23 2017-06-30
2.1
None Local Low Not required None None Partial
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
48 CVE-2016-9911 400 2016-12-23 2017-06-30
2.1
None Local Low Not required None None Partial
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
49 CVE-2016-9907 400 2016-12-23 2017-06-30
2.1
None Local Low Not required None None Partial
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
50 CVE-2016-9685 400 DoS 2016-12-28 2016-12-30
4.9
None Local Low Not required None None Complete
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
Total number of vulnerabilities : 80   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.