CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4421 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.
2 CVE-2016-4420 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
3 CVE-2016-4419 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
4 CVE-2016-4418 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.
5 CVE-2016-4417 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.
6 CVE-2016-4416 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
7 CVE-2016-4415 DoS Overflow 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.
8 CVE-2016-4085 20 DoS Overflow 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
9 CVE-2016-4084 DoS Overflow 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.
10 CVE-2016-4083 20 DoS 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
11 CVE-2016-4082 119 DoS Overflow 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.
12 CVE-2016-4081 284 DoS 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
13 CVE-2016-4080 119 DoS Overflow 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
14 CVE-2016-4079 119 DoS Overflow 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
15 CVE-2016-4078 20 DoS 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.
16 CVE-2016-4077 DoS 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
17 CVE-2016-4076 284 DoS 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
18 CVE-2016-4065 119 DoS Overflow 2016-04-22 2016-04-28
6.8
None Remote Medium Not required Partial Partial Partial
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.
19 CVE-2016-4062 19 DoS 2016-04-22 2016-04-28
4.3
None Remote Medium Not required None None Partial
Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF.
20 CVE-2016-4061 20 DoS 2016-04-22 2016-04-28
5.0
None Remote Low Not required None None Partial
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.
21 CVE-2016-4060 DoS 2016-04-22 2016-04-28
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
22 CVE-2016-4052 119 DoS Exec Code Overflow 2016-04-25 2016-04-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
23 CVE-2016-4051 119 DoS Exec Code Overflow 2016-04-25 2016-04-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
24 CVE-2016-4017 DoS 2016-04-14 2016-04-20
5.0
None Remote Low Not required None None Partial
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
25 CVE-2016-4015 DoS 2016-04-14 2016-04-19
5.0
None Remote Low Not required None None Partial
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.
26 CVE-2016-4014 DoS 2016-04-14 2016-04-19
9.0
User Remote Low Not required Partial Partial Complete
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted XML request, aka SAP Security Note 2254389.
27 CVE-2016-4006 119 DoS Overflow 2016-04-25 2016-04-28
4.3
None Remote Medium Not required None None Partial
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.
28 CVE-2016-4002 119 DoS Exec Code Overflow Mem. Corr. 2016-04-26 2016-04-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
29 CVE-2016-3986 119 DoS Exec Code Overflow Mem. Corr. 2016-04-11 2016-04-18
9.3
None Remote Medium Not required Complete Complete Complete
Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.
30 CVE-2016-3982 119 DoS Exec Code Overflow 2016-04-13 2016-04-21
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
31 CVE-2016-3981 119 DoS Exec Code Overflow 2016-04-13 2016-04-21
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
32 CVE-2016-3980 20 DoS 2016-04-08 2016-04-14
5.0
None Remote Low Not required None None Partial
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2259547.
33 CVE-2016-3979 20 DoS 2016-04-08 2016-04-25
5.0
None Remote Low Not required None None Partial
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2256185.
34 CVE-2016-3977 119 DoS Overflow 2016-04-21 2016-04-28
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
35 CVE-2016-3974 DoS 2016-04-07 2016-04-11
7.5
None Remote Low Not required Partial Partial Partial
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.4 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request, related to the ctcprotocol servlet, aka SAP Security Note 2235994.
36 CVE-2016-3963 DoS 2016-04-08 2016-04-11
5.0
None Remote Low Not required None None Partial
Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
37 CVE-2016-3961 20 DoS 2016-04-15 2016-04-18
2.1
None Local Low Not required None None Partial
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
38 CVE-2016-3960 264 DoS Overflow +Priv 2016-04-19 2016-04-21
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
39 CVE-2016-3950 20 DoS 2016-04-18 2016-04-19
6.8
None Remote Low Single system None None Complete
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.
40 CVE-2016-3948 119 DoS Overflow 2016-04-07 2016-04-11
5.0
None Remote Low Not required None None Partial
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
41 CVE-2016-3947 119 DoS Overflow 2016-04-07 2016-04-11
7.5
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
42 CVE-2016-3941 119 DoS Overflow 2016-04-18 2016-04-20
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
43 CVE-2016-3679 DoS 2016-03-29 2016-03-31
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
44 CVE-2016-3678 20 DoS 2016-04-11 2016-04-14
7.8
None Remote Low Not required None None Complete
Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.
45 CVE-2016-3657 119 DoS Exec Code Overflow 2016-04-12 2016-04-14
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.
46 CVE-2016-3656 119 DoS Overflow 2016-04-12 2016-04-14
5.0
None Remote Low Not required None None Partial
The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.
47 CVE-2016-3628 119 DoS Exec Code Overflow 2016-04-20 2016-04-20
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.
48 CVE-2016-3191 119 DoS Exec Code Overflow 2016-03-17 2016-03-21
7.5
None Remote Low Not required Partial Partial Partial
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
49 CVE-2016-3190 DoS 2016-04-21 2016-04-21
0.0
None ??? ??? ??? ??? ??? ???
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
50 CVE-2016-3186 119 DoS Overflow 2016-04-19 2016-04-25
5.0
None Remote Low Not required None None Partial
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.