CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (Denial Of Service)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000357 399 DoS 2017-04-24 2017-04-27
5.0
None Remote Low Not required None None Partial
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 and 4.0 are affected by this flaw. Java version is openjdk version 1.8.0_91.
2 CVE-2017-9147 DoS 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
3 CVE-2017-9146 DoS Overflow 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
4 CVE-2017-9143 DoS 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.
5 CVE-2017-9119 DoS 2017-05-21 2017-05-21
0.0
None ??? ??? ??? ??? ??? ???
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
6 CVE-2017-9094 DoS 2017-05-19 2017-05-19
0.0
None ??? ??? ??? ??? ??? ???
The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
7 CVE-2017-9093 DoS 2017-05-19 2017-05-19
0.0
None ??? ??? ??? ??? ??? ???
The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
8 CVE-2017-9077 DoS 2017-05-19 2017-05-19
0.0
None ??? ??? ??? ??? ??? ???
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
9 CVE-2017-9076 DoS 2017-05-19 2017-05-19
0.0
None ??? ??? ??? ??? ??? ???
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
10 CVE-2017-9075 DoS 2017-05-19 2017-05-19
0.0
None ??? ??? ??? ??? ??? ???
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
11 CVE-2017-9074 DoS 2017-05-19 2017-05-19
0.0
None ??? ??? ??? ??? ??? ???
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
12 CVE-2017-9059 DoS 2017-05-18 2017-05-18
0.0
None ??? ??? ??? ??? ??? ???
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.
13 CVE-2017-9044 DoS 2017-05-17 2017-05-17
0.0
None ??? ??? ??? ??? ??? ???
The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.
14 CVE-2017-9043 DoS 2017-05-17 2017-05-17
0.0
None ??? ??? ??? ??? ??? ???
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
15 CVE-2017-9042 DoS 2017-05-17 2017-05-17
0.0
None ??? ??? ??? ??? ??? ???
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
16 CVE-2017-9041 DoS 2017-05-17 2017-05-17
0.0
None ??? ??? ??? ??? ??? ???
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.
17 CVE-2017-9040 DoS 2017-05-17 2017-05-17
0.0
None ??? ??? ??? ??? ??? ???
GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.
18 CVE-2017-9039 DoS 2017-05-17 2017-05-17
0.0
None ??? ??? ??? ??? ??? ???
GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
19 CVE-2017-9038 DoS 2017-05-17 2017-05-17
0.0
None ??? ??? ??? ??? ??? ???
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.
20 CVE-2017-8934 DoS 2017-05-15 2017-05-15
0.0
None ??? ??? ??? ??? ??? ???
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).
21 CVE-2017-8933 DoS 2017-05-15 2017-05-15
0.0
None ??? ??? ??? ??? ??? ???
Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).
22 CVE-2017-8929 DoS 2017-05-14 2017-05-14
0.0
None ??? ??? ??? ??? ??? ???
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
23 CVE-2017-8927 DoS Overflow 2017-05-15 2017-05-15
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
24 CVE-2017-8926 DoS Overflow 2017-05-15 2017-05-15
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
25 CVE-2017-8925 399 DoS 2017-05-12 2017-05-20
2.1
None Local Low Not required None None Partial
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
26 CVE-2017-8923 DoS 2017-05-12 2017-05-12
0.0
None ??? ??? ??? ??? ??? ???
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
27 CVE-2017-8908 125 DoS 2017-05-12 2017-05-17
4.3
None Remote Medium Not required None None Partial
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.
28 CVE-2017-8906 191 DoS 2017-05-11 2017-05-20
4.3
None Remote Medium Not required None None Partial
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.
29 CVE-2017-8895 416 DoS Exec Code 2017-05-10 2017-05-20
10.0
None Remote Low Not required Complete Complete Complete
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
30 CVE-2017-8890 415 DoS 2017-05-10 2017-05-17
10.0
None Remote Low Not required Complete Complete Complete
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
31 CVE-2017-8872 125 DoS 2017-05-10 2017-05-15
6.4
None Remote Low Not required Partial None Partial
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
32 CVE-2017-8847 476 DoS 2017-05-08 2017-05-16
4.3
None Remote Medium Not required None None Partial
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
33 CVE-2017-8846 416 DoS 2017-05-08 2017-05-16
4.3
None Remote Medium Not required None None Partial
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.
34 CVE-2017-8845 125 DoS 2017-05-08 2017-05-18
4.3
None Remote Medium Not required None None Partial
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.
35 CVE-2017-8844 119 DoS Overflow 2017-05-08 2017-05-16
6.8
None Remote Medium Not required Partial Partial Partial
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
36 CVE-2017-8843 476 DoS 2017-05-08 2017-05-16
4.3
None Remote Medium Not required None None Partial
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
37 CVE-2017-8842 369 DoS 2017-05-08 2017-05-15
4.3
None Remote Medium Not required None None Partial
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.
38 CVE-2017-8831 125 DoS 2017-05-08 2017-05-15
7.2
None Local Low Not required Complete Complete Complete
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.10.14 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.
39 CVE-2017-8830 119 DoS Overflow 2017-05-08 2017-05-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
40 CVE-2017-8827 287 DoS 2017-05-08 2017-05-12
6.4
None Remote Low Not required None Partial Partial
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
41 CVE-2017-8804 502 DoS 2017-05-07 2017-05-15
7.8
None Remote Low Not required None None Complete
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.
42 CVE-2017-8798 119 DoS Overflow 2017-05-10 2017-05-18
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
43 CVE-2017-8787 119 DoS Overflow 2017-05-05 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.
44 CVE-2017-8786 119 DoS Overflow 2017-05-04 2017-05-15
7.5
None Remote Low Not required Partial Partial Partial
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.
45 CVE-2017-8779 399 DoS 2017-05-04 2017-05-17
7.8
None Remote Low Not required None None Complete
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
46 CVE-2017-8419 119 DoS Overflow 2017-05-02 2017-05-15
6.8
None Remote Medium Not required Partial Partial Partial
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.
47 CVE-2017-8378 284 DoS Overflow 2017-04-30 2017-05-10
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.
48 CVE-2017-8374 125 DoS 2017-04-30 2017-05-12
4.3
None Remote Medium Not required None None Partial
The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
49 CVE-2017-8373 119 DoS Overflow 2017-04-30 2017-05-12
6.8
None Remote Medium Not required Partial Partial Partial
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
50 CVE-2017-8372 20 DoS 2017-04-30 2017-05-11
2.6
None Remote High Not required None None Partial
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.