CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-6432 399 DoS 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
2 CVE-2014-6431 119 DoS Overflow 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.
3 CVE-2014-6430 20 DoS 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
4 CVE-2014-6429 20 DoS 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
5 CVE-2014-6428 119 DoS Overflow 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
6 CVE-2014-6427 119 DoS Overflow 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.
7 CVE-2014-6426 399 DoS 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
8 CVE-2014-6425 119 DoS Overflow 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character.
9 CVE-2014-6424 119 DoS Overflow 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.
10 CVE-2014-6423 399 DoS 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
11 CVE-2014-6422 119 DoS Overflow 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
12 CVE-2014-6421 DoS 2014-09-20 2014-09-21
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.
13 CVE-2014-6270 119 DoS Exec Code Overflow 2014-09-12 2014-09-22
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
14 CVE-2014-6252 119 DoS Exec Code Overflow 2014-09-05 2014-09-08
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
15 CVE-2014-6060 399 DoS 2014-09-04 2014-09-08
3.3
None Local Network Low Not required None None Partial
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
16 CVE-2014-5508 189 DoS Overflow 2014-09-05 2014-09-08
3.5
None Remote Medium Single system None None Partial
Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval parameter or certain other interval configurations.
17 CVE-2014-5472 20 DoS 2014-08-31 2014-09-02
4.0
None Local High Not required None None Complete
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
18 CVE-2014-5471 399 DoS 2014-08-31 2014-09-02
4.0
None Local High Not required None None Complete
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.
19 CVE-2014-5461 119 DoS Overflow 2014-09-04 2014-09-13
5.0
None Remote Low Not required None None Partial
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
20 CVE-2014-5407 119 DoS Overflow 2014-09-15 2014-09-15
4.4
None Local Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.
21 CVE-2014-5398 20 DoS 2014-08-27 2014-08-28
2.1
None Local Low Not required Partial None None
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
22 CVE-2014-5384 119 DoS Overflow 2014-08-21 2014-08-21
5.0
None Remote Low Not required None None Partial
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types.
23 CVE-2014-5356 264 DoS 2014-08-25 2014-08-26
4.0
None Remote Low Single system None None Partial
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
24 CVE-2014-5349 119 1 DoS Overflow 2014-08-19 2014-08-20
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
25 CVE-2014-5336 20 DoS 2014-08-26 2014-08-27
4.3
None Remote Medium Not required None None Partial
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.
26 CVE-2014-5266 399 DoS 2014-08-18 2014-08-28
5.0
None Remote Low Not required None None Partial
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
27 CVE-2014-5265 399 DoS 2014-08-18 2014-08-28
5.0
None Remote Low Not required None None Partial
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
28 CVE-2014-5263 119 DoS Overflow +Priv Mem. Corr. 2014-08-26 2014-08-27
6.8
None Remote Medium Not required Partial Partial Partial
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.
29 CVE-2014-5256 119 DoS Overflow Mem. Corr. 2014-09-05 2014-09-08
5.0
None Remote Low Not required None None Partial
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack.
30 CVE-2014-5207 264 DoS +Priv 2014-08-18 2014-08-28
6.0
None Local High Single system Complete Complete Complete
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
31 CVE-2014-5165 119 DoS Overflow 2014-08-01 2014-08-01
5.0
None Remote Low Not required None None Partial
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
32 CVE-2014-5164 119 DoS Overflow 2014-08-01 2014-08-01
5.0
None Remote Low Not required None None Partial
The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
33 CVE-2014-5163 119 DoS Overflow 2014-08-01 2014-08-01
5.0
None Remote Low Not required None None Partial
The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
34 CVE-2014-5162 119 DoS Overflow 2014-08-01 2014-08-01
5.0
None Remote Low Not required None None Partial
The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.
35 CVE-2014-5161 119 DoS Overflow 2014-08-01 2014-08-01
5.0
None Remote Low Not required None None Partial
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
36 CVE-2014-5149 399 DoS 2014-08-22 2014-08-27
4.7
None Local Medium Not required None None Complete
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.
37 CVE-2014-5147 264 DoS 2014-08-29 2014-09-02
4.3
None Local Network High Single system None None Complete
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.
38 CVE-2014-5146 399 DoS 2014-08-22 2014-08-27
4.7
None Local Medium Not required None None Complete
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
39 CVE-2014-5139 DoS 2014-08-13 2014-09-13
4.3
None Remote Medium Not required None None Partial
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
40 CVE-2014-5119 189 DoS Exec Code 2014-08-29 2014-09-02
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
41 CVE-2014-5116 1 DoS 2014-07-29 2014-07-30
5.0
None Remote Low Not required None None Partial
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
42 CVE-2014-5077 DoS 2014-08-01 2014-09-13
5.4
None Remote High Not required None None Complete
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
43 CVE-2014-5074 DoS 2014-08-17 2014-08-28
7.1
None Remote Medium Not required None None Complete
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
44 CVE-2014-5045 59 DoS 2014-08-01 2014-08-01
6.2
None Local High Not required Complete Complete Complete
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
45 CVE-2014-5019 20 DoS 2014-07-22 2014-07-22
5.0
None Remote Low Not required None None Partial
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
46 CVE-2014-4979 119 DoS Exec Code Overflow Mem. Corr. 2014-07-26 2014-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.
47 CVE-2014-4948 DoS +Info 2014-07-22 2014-08-01
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
48 CVE-2014-4927 119 1 DoS Overflow 2014-07-24 2014-07-25
7.8
None Remote Low Not required None None Complete
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
49 CVE-2014-4911 310 DoS 2014-07-22 2014-08-01
5.0
None Remote Low Not required None None Partial
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
50 CVE-2014-4909 189 DoS Exec Code Overflow 2014-07-29 2014-07-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.