CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-3417 DoS 2015-04-24 2015-04-24
0.0
None ??? ??? ??? ??? ??? ???
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
2 CVE-2015-3416 DoS Overflow 2015-04-24 2015-04-24
0.0
None ??? ??? ??? ??? ??? ???
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
3 CVE-2015-3415 DoS 2015-04-24 2015-04-24
0.0
None ??? ??? ??? ??? ??? ???
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
4 CVE-2015-3414 DoS 2015-04-24 2015-04-24
0.0
None ??? ??? ??? ??? ??? ???
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
5 CVE-2015-3336 264 DoS 2015-04-19 2015-04-20
4.3
None Remote Medium Not required None None Partial
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.
6 CVE-2015-3333 DoS 2015-04-19 2015-04-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
7 CVE-2015-3323 20 DoS 2015-04-16 2015-04-20
5.0
None Remote Low Not required None None Partial
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.
8 CVE-2015-3310 DoS Overflow 2015-04-24 2015-04-24
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
9 CVE-2015-3145 DoS 2015-04-24 2015-04-24
0.0
None ??? ??? ??? ??? ??? ???
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
10 CVE-2015-3144 DoS 2015-04-24 2015-04-24
0.0
None ??? ??? ??? ??? ??? ???
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
11 CVE-2015-3043 DoS Exec Code Mem. Corr. 2015-04-14 2015-04-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
12 CVE-2015-3042 DoS Exec Code Mem. Corr. 2015-04-14 2015-04-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043.
13 CVE-2015-3041 DoS Exec Code Mem. Corr. 2015-04-14 2015-04-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043.
14 CVE-2015-3038 DoS Exec Code Mem. Corr. 2015-04-14 2015-04-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.
15 CVE-2015-2942 399 DoS 2015-04-13 2015-04-14
7.1
None Remote Medium Not required None None Complete
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.
16 CVE-2015-2937 399 DoS 2015-04-13 2015-04-14
7.1
None Remote Medium Not required None None Complete
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.
17 CVE-2015-2936 399 DoS 2015-04-13 2015-04-14
7.1
None Remote Medium Not required None None Complete
MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.
18 CVE-2015-2822 20 DoS 2015-04-08 2015-04-09
4.3
None Remote Medium Not required None None Partial
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.
19 CVE-2015-2820 119 DoS Overflow 2015-04-01 2015-04-01
5.0
None Remote Low Not required None None Partial
Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584.
20 CVE-2015-2819 20 DoS 2015-04-01 2015-04-15
5.0
None Remote Low Not required None None Partial
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161.
21 CVE-2015-2815 119 DoS Exec Code Overflow 2015-04-01 2015-04-02
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
22 CVE-2015-2809 200 DoS +Info 2015-03-31 2015-04-01
5.0
None Remote Low Not required Partial None None
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.
23 CVE-2015-2790 20 DoS Mem. Corr. 2015-03-30 2015-03-31
4.3
None Remote Medium Not required None None Partial
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
24 CVE-2015-2785 119 DoS Exec Code Overflow 2015-03-29 2015-03-30
7.5
None Remote Low Not required Partial Partial Partial
The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.
25 CVE-2015-2782 119 DoS Exec Code Overflow 2015-04-08 2015-04-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.
26 CVE-2015-2779 399 DoS 2015-04-10 2015-04-13
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.
27 CVE-2015-2778 399 DoS 2015-04-10 2015-04-10
5.0
None Remote Low Not required None None Partial
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.
28 CVE-2015-2776 20 DoS 2015-03-31 2015-04-01
4.3
None Remote Medium Not required None None Partial
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.
29 CVE-2015-2757 399 DoS 2015-03-27 2015-03-30
4.0
None Remote Low Single system None None Partial
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors.
30 CVE-2015-2756 264 DoS 2015-04-01 2015-04-17
4.9
None Local Low Not required None None Complete
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
31 CVE-2015-2754 20 DoS Exec Code 2015-03-31 2015-04-01
6.8
None Remote Medium Not required Partial Partial Partial
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."
32 CVE-2015-2753 20 DoS Exec Code 2015-03-31 2015-04-01
6.8
None Remote Medium Not required Partial Partial Partial
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.
33 CVE-2015-2752 20 DoS 2015-04-01 2015-04-17
4.9
None Local Low Not required None None Complete
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptable, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).
34 CVE-2015-2751 17 DoS 2015-04-01 2015-04-17
7.1
None Remote Medium Not required None None Complete
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
35 CVE-2015-2684 20 DoS 2015-03-31 2015-04-01
4.0
None Remote Low Single system None None Partial
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.
36 CVE-2015-2331 189 DoS Exec Code Overflow 2015-03-30 2015-04-13
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
37 CVE-2015-2316 399 DoS 2015-03-25 2015-04-09
5.0
None Remote Low Not required None None Partial
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.
38 CVE-2015-2301 DoS 2015-03-30 2015-04-13
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
39 CVE-2015-2238 DoS 2015-03-08 2015-03-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
40 CVE-2015-2192 189 DoS Overflow 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
41 CVE-2015-2191 189 DoS Overflow 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
42 CVE-2015-2190 19 DoS 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.
43 CVE-2015-2189 189 DoS 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
44 CVE-2015-2188 19 DoS 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
45 CVE-2015-2187 20 DoS Mem. Corr. 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.
46 CVE-2015-2177 20 DoS 2015-03-06 2015-04-17
7.8
None Remote Low Not required None None Complete
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
47 CVE-2015-2155 DoS Exec Code 2015-03-24 2015-04-02
7.5
None Remote Low Not required Partial Partial Partial
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
48 CVE-2015-2154 119 DoS Overflow 2015-03-24 2015-04-06
5.0
None Remote Low Not required None None Partial
The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.
49 CVE-2015-2153 119 DoS Overflow 2015-03-24 2015-04-06
5.0
None Remote Low Not required None None Partial
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
50 CVE-2015-2151 264 DoS Exec Code Mem. Corr. +Info 2015-03-12 2015-03-25
7.2
None Local Low Not required Complete Complete Complete
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.