CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-5116 1 DoS 2014-07-29 2014-07-30
5.0
None Remote Low Not required None None Partial
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
2 CVE-2014-5019 20 DoS 2014-07-22 2014-07-22
5.0
None Remote Low Not required None None Partial
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
3 CVE-2014-4979 119 DoS Exec Code Overflow Mem. Corr. 2014-07-26 2014-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.
4 CVE-2014-4948 DoS +Info 2014-07-22 2014-08-01
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
5 CVE-2014-4927 119 1 DoS Overflow 2014-07-24 2014-07-25
7.8
None Remote Low Not required None None Complete
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
6 CVE-2014-4911 310 DoS 2014-07-22 2014-08-01
5.0
None Remote Low Not required None None Partial
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
7 CVE-2014-4909 189 DoS Exec Code Overflow 2014-07-29 2014-07-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
8 CVE-2014-4720 DoS 2014-07-06 2014-07-07
5.0
None Remote Low Not required None None Partial
Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477.
9 CVE-2014-4715 189 DoS Overflow Mem. Corr. 2014-07-03 2014-07-17
5.0
None Remote Low Not required None None Partial
Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611.
10 CVE-2014-4699 362 1 DoS +Priv 2014-07-09 2014-08-01
6.9
None Local Medium Not required Complete Complete Complete
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
11 CVE-2014-4698 DoS 2014-07-10 2014-07-18
4.6
None Local Low Not required Partial Partial Partial
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
12 CVE-2014-4670 DoS 2014-07-10 2014-07-18
4.6
None Local Low Not required Partial Partial Partial
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
13 CVE-2014-4667 20 DoS 2014-07-03 2014-07-17
5.0
None Remote Low Not required None None Partial
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
14 CVE-2014-4656 189 DoS Overflow 2014-07-03 2014-08-01
4.9
None Local Low Not required None None Complete
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
15 CVE-2014-4655 189 DoS Overflow Bypass 2014-07-03 2014-08-01
4.9
None Local Low Not required None None Complete
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
16 CVE-2014-4654 DoS 2014-07-03 2014-08-01
4.9
None Local Low Not required None None Complete
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.
17 CVE-2014-4653 DoS +Info 2014-07-03 2014-08-01
6.6
None Local Low Not required Complete None Complete
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
18 CVE-2014-4643 119 1 DoS Exec Code Overflow 2014-06-25 2014-06-26
5.0
None Remote Low Not required None None Partial
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.
19 CVE-2014-4617 20 DoS 2014-06-25 2014-08-01
5.0
None Remote Low Not required None None Partial
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
20 CVE-2014-4611 20 DoS Overflow Mem. Corr. 2014-07-03 2014-08-01
5.0
None Remote Low Not required None None Partial
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
21 CVE-2014-4608 119 DoS Overflow Mem. Corr. 2014-07-03 2014-08-01
5.0
None Remote Low Not required None None Partial
** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype."
22 CVE-2014-4508 189 DoS 2014-06-23 2014-08-01
4.7
None Local Medium Not required None None Complete
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.
23 CVE-2014-4503 20 DoS 2014-07-23 2014-07-23
4.3
None Remote Medium Not required None None Partial
The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.
24 CVE-2014-4342 119 DoS Overflow 2014-07-20 2014-07-22
5.0
None Remote Low Not required None None Partial
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
25 CVE-2014-4341 119 DoS Overflow 2014-07-20 2014-07-22
5.0
None Remote Low Not required None None Partial
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
26 CVE-2014-4337 119 DoS Overflow 2014-06-22 2014-06-23
4.3
None Remote Medium Not required None None Partial
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
27 CVE-2014-4190 119 DoS Overflow 2014-06-17 2014-06-18
7.8
None Remote Low Not required None None Complete
Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.
28 CVE-2014-4174 119 DoS Exec Code Overflow Mem. Corr. 2014-06-18 2014-06-19
9.3
None Remote Medium Not required Complete Complete Complete
wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.
29 CVE-2014-4171 DoS 2014-06-23 2014-07-17
4.7
None Local Medium Not required None None Complete
mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.
30 CVE-2014-4167 264 DoS 2014-07-11 2014-07-11
3.5
None Remote Medium Single system None None Partial
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
31 CVE-2014-4049 119 DoS Exec Code Overflow 2014-06-18 2014-07-17
5.1
None Remote High Not required Partial Partial Partial
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
32 CVE-2014-4048 DoS 2014-06-17 2014-06-18
4.3
None Remote Medium Not required None None Partial
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.
33 CVE-2014-4047 DoS 2014-06-17 2014-06-18
5.0
None Remote Low Not required None None Partial
Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.
34 CVE-2014-4045 189 DoS 2014-06-17 2014-06-18
4.3
None Remote Medium Not required None None Partial
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
35 CVE-2014-4044 119 DoS Overflow 2014-06-17 2014-06-21
5.0
None Remote Low Not required None None Partial
OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.
36 CVE-2014-4020 189 DoS 2014-06-18 2014-06-19
4.3
None Remote Medium Not required None None Partial
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
37 CVE-2014-3976 119 1 DoS Exec Code Overflow 2014-06-05 2014-06-06
5.0
None Remote Low Not required None None Partial
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.
38 CVE-2014-3970 DoS 2014-06-11 2014-06-12
2.9
None Local Network Medium Not required None None Partial
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
39 CVE-2014-3968 DoS 2014-06-05 2014-07-17
5.5
None Local Network Low Single system None None Complete
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.
40 CVE-2014-3967 DoS 2014-06-05 2014-07-17
5.5
None Local Network Low Single system None None Complete
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
41 CVE-2014-3940 362 DoS Mem. Corr. 2014-06-05 2014-06-18
4.0
None Local High Not required None None Complete
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
42 CVE-2014-3917 200 DoS +Info 2014-06-05 2014-08-01
3.3
None Local Medium Not required Partial None Partial
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
43 CVE-2014-3890 20 DoS 2014-07-02 2014-07-11
5.0
None Remote Low Not required None None Partial
silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889.
44 CVE-2014-3889 20 DoS 2014-07-02 2014-07-11
5.0
None Remote Low Not required None None Partial
silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnerability than CVE-2014-3890.
45 CVE-2014-3880 20 DoS 2014-06-10 2014-06-21
4.9
None Local Low Not required None None Complete
The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.
46 CVE-2014-3859 20 DoS 2014-06-13 2014-06-18
5.0
None Remote Low Not required None None Partial
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
47 CVE-2014-3822 20 DoS 2014-07-11 2014-07-17
5.4
None Remote High Not required None None Complete
Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4.
48 CVE-2014-3819 20 DoS 2014-07-11 2014-07-18
7.8
None Remote Low Not required None None Complete
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet.
49 CVE-2014-3817 20 DoS 2014-07-11 2014-08-01
7.8
None Remote Low Not required None None Complete
Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet.
50 CVE-2014-3815 20 DoS 2014-07-11 2014-07-24
7.8
None Remote Low Not required None None Complete
Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.