CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-2213 DoS 2016-02-03 2016-02-03
0.0
None ??? ??? ??? ??? ??? ???
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.
2 CVE-2016-2052 DoS 2016-01-25 2016-01-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
3 CVE-2016-2051 DoS 2016-01-25 2016-01-26
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
4 CVE-2016-1983 20 DoS 2016-01-27 2016-01-31
5.0
None Remote Low Not required None None Partial
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
5 CVE-2016-1982 20 DoS 2016-01-27 2016-01-31
5.0
None Remote Low Not required None None Partial
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
6 CVE-2016-1946 DoS Overflow 2016-01-31 2016-01-31
0.0
None ??? ??? ??? ??? ??? ???
The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.
7 CVE-2016-1945 DoS 2016-01-31 2016-01-31
0.0
None ??? ??? ??? ??? ??? ???
The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.
8 CVE-2016-1944 DoS Mem. Corr. 2016-01-31 2016-01-31
0.0
None ??? ??? ??? ??? ??? ???
The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
9 CVE-2016-1933 DoS Overflow 2016-01-31 2016-01-31
0.0
None ??? ??? ??? ??? ??? ???
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.
10 CVE-2016-1931 DoS Exec Code Mem. Corr. 2016-01-31 2016-01-31
0.0
None ??? ??? ??? ??? ??? ???
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.
11 CVE-2016-1930 DoS Exec Code Mem. Corr. 2016-01-31 2016-01-31
0.0
None ??? ??? ??? ??? ??? ???
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
12 CVE-2016-1929 20 DoS 2016-01-20 2016-01-22
8.5
None Remote Low Not required None Partial Complete
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.
13 CVE-2016-1928 119 DoS Exec Code Overflow 2016-01-20 2016-01-22
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.
14 CVE-2016-1924 DoS 2016-01-27 2016-01-27
0.0
None ??? ??? ??? ??? ??? ???
The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
15 CVE-2016-1923 DoS Overflow 2016-01-27 2016-01-27
0.0
None ??? ??? ??? ??? ??? ???
Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
16 CVE-2016-1907 119 DoS Overflow 2016-01-19 2016-01-22
5.0
None Remote Low Not required None None Partial
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
17 CVE-2016-1904 189 DoS Overflow 2016-01-19 2016-01-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.
18 CVE-2016-1903 119 DoS Overflow +Info 2016-01-19 2016-01-22
6.4
None Remote Low Not required Partial None Partial
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.
19 CVE-2016-1882 DoS 2016-01-29 2016-01-29
0.0
None ??? ??? ??? ??? ??? ???
FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.
20 CVE-2016-1879 DoS 2016-01-29 2016-01-29
0.0
None ??? ??? ??? ??? ??? ???
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
21 CVE-2016-1867 119 DoS Overflow 2016-01-20 2016-01-25
4.3
None Remote Medium Not required None None Partial
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
22 CVE-2016-1727 DoS Exec Code Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.
23 CVE-2016-1726 DoS Exec Code Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.
24 CVE-2016-1725 DoS Exec Code Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.
25 CVE-2016-1724 DoS Exec Code Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.
26 CVE-2016-1723 DoS Exec Code Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.
27 CVE-2016-1722 DoS +Priv Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
28 CVE-2016-1721 DoS +Priv Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
29 CVE-2016-1720 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-02-01
7.2
None Local Low Not required Complete Complete Complete
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
30 CVE-2016-1719 DoS +Priv Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
31 CVE-2016-1718 DoS +Priv Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
32 CVE-2016-1717 DoS +Priv Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
33 CVE-2016-1716 DoS +Priv Mem. Corr. 2016-02-01 2016-02-01
0.0
None ??? ??? ??? ??? ??? ???
AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
34 CVE-2016-1715 189 DoS +Priv Mem. Corr. 2016-01-12 2016-01-21
5.5
None Local Medium Single system Partial Partial Complete
The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location.
35 CVE-2016-1620 DoS 2016-01-25 2016-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
36 CVE-2016-1619 119 DoS Overflow 2016-01-25 2016-01-26
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
37 CVE-2016-1613 DoS 2016-01-25 2016-01-26
6.8
None Remote Medium Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
38 CVE-2016-1612 20 DoS 2016-01-25 2016-01-26
6.8
None Remote Medium Not required Partial Partial Partial
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
39 CVE-2016-1571 17 DoS 2016-01-22 2016-01-25
4.7
None Local Medium Not required None None Complete
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
40 CVE-2016-1570 20 DoS +Priv +Info 2016-01-22 2016-01-25
6.9
None Local Medium Not required Complete Complete Complete
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
41 CVE-2016-1569 20 DoS 2016-01-13 2016-01-15
4.0
None Remote Low Single system None None Partial
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
42 CVE-2016-1499 200 DoS +Info 2016-01-08 2016-01-11
7.5
None Remote Low Single system Partial None Complete
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.
43 CVE-2016-1303 DoS 2016-01-30 2016-01-30
0.0
None ??? ??? ??? ??? ??? ???
The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.
44 CVE-2016-1299 DoS 2016-01-27 2016-01-27
0.0
None ??? ??? ??? ??? ??? ???
The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.
45 CVE-2016-1284 DoS 2016-02-04 2016-02-04
0.0
None ??? ??? ??? ??? ??? ???
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
46 CVE-2016-1283 119 DoS Overflow 2016-01-02 2016-01-07
7.5
None Remote Low Not required Partial Partial Partial
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
47 CVE-2016-1262 20 DoS 2016-01-15 2016-01-21
4.3
None Remote Medium Not required None None Partial
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet.
48 CVE-2016-1260 399 DoS 2016-01-15 2016-01-21
5.0
None Remote Low Not required None None Partial
Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic.
49 CVE-2016-1258 20 DoS 2016-01-15 2016-01-21
5.0
None Remote Low Not required None None Partial
Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors.
50 CVE-2016-1257 20 DoS 2016-01-15 2016-01-21
4.3
None Remote Medium Not required None None Partial
The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a denial of service (RPD routing process crash) via a crafted LDP packet.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.