CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-2331 189 DoS Exec Code Overflow 2015-03-30 2015-04-13
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
2 CVE-2015-2316 399 DoS 2015-03-25 2015-04-09
5.0
None Remote Low Not required None None Partial
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.
3 CVE-2015-2301 DoS 2015-03-30 2015-04-13
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
4 CVE-2015-2192 189 DoS Overflow 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
5 CVE-2015-2191 189 DoS Overflow 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
6 CVE-2015-2190 19 DoS 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.
7 CVE-2015-2189 189 DoS 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
8 CVE-2015-2188 19 DoS 2015-03-07 2015-04-06
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
9 CVE-2015-2187 20 DoS Mem. Corr. 2015-03-07 2015-03-23
5.0
None Remote Low Not required None None Partial
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.
10 CVE-2015-1382 20 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
11 CVE-2015-1381 399 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
12 CVE-2015-1380 20 DoS 2015-02-03 2015-02-19
5.0
None Remote Low Not required None None Partial
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
13 CVE-2015-1345 119 DoS Overflow 2015-02-12 2015-02-12
2.1
None Local Low Not required None None Partial
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
14 CVE-2015-1182 DoS Exec Code 2015-01-27 2015-04-17
7.5
None Remote Low Not required Partial Partial Partial
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
15 CVE-2015-0295 189 DoS 2015-03-25 2015-03-27
5.0
None Remote Low Not required None None Partial
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
16 CVE-2015-0255 200 DoS +Info 2015-02-13 2015-04-14
6.4
None Remote Low Not required Partial None Partial
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
17 CVE-2015-0245 362 DoS 2015-02-13 2015-04-14
1.9
None Local Medium Not required None None Partial
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
18 CVE-2014-9709 119 DoS Overflow 2015-03-30 2015-04-14
5.0
None Remote Low Not required None None Partial
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
19 CVE-2014-9640 119 DoS Overflow 2015-01-23 2015-04-17
5.0
None Remote Low Not required None None Partial
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
20 CVE-2014-9402 399 DoS 2015-02-24 2015-04-13
7.8
None Remote Low Not required None None Complete
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
21 CVE-2014-8640 362 DoS 2015-01-14 2015-03-17
5.0
None Remote Low Not required None None Partial
The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.
22 CVE-2014-8158 119 DoS Exec Code Overflow 2015-01-26 2015-04-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
23 CVE-2014-8157 189 DoS Exec Code Overflow 2015-01-26 2015-04-02
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
24 CVE-2014-8154 119 DoS Exec Code Overflow 2015-01-27 2015-01-28
7.5
None Remote Low Not required Partial Partial Partial
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
25 CVE-2014-8080 DoS 2014-11-03 2015-04-22
5.0
None Remote Low Not required None None Partial
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
26 CVE-2014-3693 DoS Exec Code 2014-11-07 2015-03-17
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
27 CVE-2014-3619 399 DoS 2015-03-27 2015-03-27
5.0
None Remote Low Not required None None Partial
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
28 CVE-2014-2386 189 DoS Overflow 2014-03-25 2014-03-25
5.0
None Remote Low Not required None None Partial
Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.
29 CVE-2014-0979 DoS 2014-01-22 2014-02-21
2.1
None Local Low Not required None None Partial
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.
30 CVE-2014-0610 DoS Exec Code 2014-09-04 2014-09-08
10.0
None Remote Low Not required Complete Complete Complete
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
31 CVE-2014-0179 20 DoS 2014-08-03 2014-12-23
1.9
None Local Medium Not required None None Partial
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
32 CVE-2014-0128 20 DoS 2014-04-14 2014-04-15
5.0
None Remote Low Not required None None Partial
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
33 CVE-2013-7336 DoS 2014-05-07 2015-01-02
1.9
None Local Medium Not required None None Partial
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
34 CVE-2013-5018 119 DoS Overflow 2013-08-28 2013-08-29
4.3
None Remote Medium Not required None None Partial
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.
35 CVE-2013-4854 DoS 2013-07-29 2015-01-14
7.8
None Remote Low Not required None None Complete
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
36 CVE-2013-4852 189 DoS Exec Code Overflow 2013-08-19 2013-09-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
37 CVE-2013-4487 189 DoS Mem. Corr. 2013-11-20 2013-11-20
5.0
None Remote Low Not required None None Partial
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
38 CVE-2013-4132 310 DoS 2013-09-16 2013-09-17
5.0
None Remote Low Not required None None Partial
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
39 CVE-2013-4124 189 DoS Overflow 2013-08-05 2015-03-06
5.0
None Remote Low Not required None None Partial
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
40 CVE-2013-4123 20 DoS 2013-09-16 2013-09-17
5.0
None Remote Low Not required None None Partial
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
41 CVE-2013-4115 119 DoS Overflow Mem. Corr. 2013-08-09 2013-10-25
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
42 CVE-2013-4082 119 DoS Overflow 2013-06-09 2014-09-23
5.0
None Remote Low Not required None None Partial
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet.
43 CVE-2013-3708 DoS 2013-11-30 2014-02-27
5.0
None Remote Low Not required None None Partial
The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors.
44 CVE-2013-3707 20 DoS 2013-12-01 2013-12-02
4.3
None Remote Medium Not required None None Partial
The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.
45 CVE-2013-3705 20 DoS 2013-12-22 2013-12-23
4.9
None Local Low Not required None None Complete
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.
46 CVE-2013-2174 119 DoS Exec Code Overflow 2013-07-31 2013-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
47 CVE-2013-2139 119 DoS Overflow 2014-01-16 2015-03-25
2.6
None Remote High Not required None None Partial
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
48 CVE-2013-2132 DoS 2013-08-15 2013-10-07
4.3
None Remote Medium Not required None None Partial
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
49 CVE-2013-2126 399 DoS Exec Code 2013-08-14 2013-08-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
50 CVE-2013-2112 DoS 2013-07-31 2014-03-16
7.8
None Remote Low Not required None None Complete
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
Total number of vulnerabilities : 167   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.