CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian : Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-7424 476 DoS 2016-10-07 2016-10-11
4.3
None Remote Medium Not required None None Partial
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
2 CVE-2016-7180 416 DoS 2016-09-09 2016-09-29
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
3 CVE-2016-7179 119 DoS Overflow 2016-09-09 2016-09-29
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
4 CVE-2016-7178 787 DoS 2016-09-09 2016-09-29
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.
5 CVE-2016-7177 119 DoS Overflow 2016-09-09 2016-09-29
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
6 CVE-2016-7176 119 DoS Overflow 2016-09-09 2016-09-30
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.
7 CVE-2016-7118 476 DoS 2016-08-31 2016-11-28
4.9
None Local Low Not required None None Complete
fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
8 CVE-2016-7045 119 DoS Overflow 2016-09-27 2016-09-28
5.0
None Remote Low Not required None None Partial
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
9 CVE-2016-7044 119 DoS Overflow 2016-09-27 2016-09-28
5.0
None Remote Low Not required None None Partial
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
10 CVE-2016-6525 119 DoS Exec Code Overflow 2016-09-22 2016-09-22
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
11 CVE-2016-6354 119 DoS Exec Code Overflow 2016-09-21 2016-09-22
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
12 CVE-2016-6254 119 DoS Exec Code Overflow 2016-08-19 2016-11-28
6.4
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
13 CVE-2016-6214 125 DoS 2016-08-12 2016-11-28
4.3
None Remote Medium Not required None None Partial
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
14 CVE-2016-6207 787 DoS Overflow 2016-08-12 2016-11-28
4.3
None Remote Medium Not required None None Partial
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
15 CVE-2016-6161 125 DoS 2016-08-12 2016-11-28
4.3
None Remote Medium Not required None None Partial
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
16 CVE-2016-6132 125 DoS 2016-08-12 2016-11-28
4.3
None Remote Medium Not required None None Partial
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
17 CVE-2016-6128 20 DoS 2016-08-07 2016-11-28
5.0
None Remote Low Not required None None Partial
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
18 CVE-2016-5829 119 DoS Overflow 2016-06-27 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
19 CVE-2016-5828 20 DoS 2016-06-27 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
20 CVE-2016-5766 190 DoS Overflow 2016-08-07 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
21 CVE-2016-5728 119 DoS Overflow Mem. Corr. +Info 2016-06-27 2016-11-28
5.4
None Local Medium Not required Partial None Complete
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
22 CVE-2016-5300 399 DoS 2016-06-16 2016-11-29
7.8
None Remote Low Not required None None Complete
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
23 CVE-2016-5180 787 DoS Exec Code Overflow 2016-10-03 2016-10-03
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
24 CVE-2016-5116 119 DoS Overflow +Info 2016-08-07 2016-11-28
6.4
None Remote Low Not required Partial None Partial
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
25 CVE-2016-5108 119 DoS Exec Code Overflow 2016-06-08 2016-11-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
26 CVE-2016-4478 119 DoS Overflow 2016-06-13 2016-06-20
5.0
None Remote Low Not required None None Partial
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
27 CVE-2016-4463 119 DoS Overflow 2016-07-08 2016-11-28
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
28 CVE-2016-4450 DoS 2016-06-07 2016-11-28
5.0
None Remote Low Not required None None Partial
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
29 CVE-2016-4449 20 DoS 2016-06-09 2016-11-28
5.8
None Remote Medium Not required Partial None Partial
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
30 CVE-2016-4447 119 DoS Overflow 2016-06-09 2016-11-28
5.0
None Remote Low Not required None None Partial
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
31 CVE-2016-4423 399 DoS 2016-06-01 2016-06-03
5.0
None Remote Low Not required None None Partial
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
32 CVE-2016-4348 20 DoS 2016-05-20 2016-07-28
5.0
None Remote Low Not required None None Partial
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
33 CVE-2016-4085 20 DoS Overflow 2016-04-25 2016-12-02
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
34 CVE-2016-4082 119 DoS Overflow 2016-04-25 2016-12-02
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.
35 CVE-2016-4079 119 DoS Overflow 2016-04-25 2016-12-02
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
36 CVE-2016-3994 119 DoS Overflow +Info 2016-05-13 2016-11-30
6.4
None Remote Low Not required Partial None Partial
The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
37 CVE-2016-3993 119 DoS Overflow 2016-05-13 2016-11-30
5.0
None Remote Low Not required None None Partial
Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
38 CVE-2016-3982 119 DoS Exec Code Overflow 2016-04-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
39 CVE-2016-3981 119 DoS Exec Code Overflow 2016-04-13 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
40 CVE-2016-3712 DoS Overflow 2016-05-11 2016-11-30
2.1
None Local Low Not required None None Partial
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
41 CVE-2016-3705 20 DoS 2016-05-17 2016-11-30
5.0
None Remote Low Not required None None Partial
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
42 CVE-2016-3698 284 DoS 2016-06-13 2016-10-03
6.8
None Remote Medium Not required Partial Partial Partial
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
43 CVE-2016-3627 20 DoS 2016-05-17 2016-11-30
5.0
None Remote Low Not required None None Partial
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
44 CVE-2016-3092 20 DoS 2016-07-04 2016-11-28
7.8
None Remote Low Not required None None Complete
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
45 CVE-2016-3074 189 DoS Exec Code Overflow 2016-04-26 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
46 CVE-2016-3070 476 DoS 2016-08-06 2016-11-28
4.6
None Local Low Not required Partial Partial Partial
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
47 CVE-2016-3062 119 DoS Exec Code Overflow Mem. Corr. 2016-06-16 2016-08-17
6.8
None Remote Medium Not required Partial Partial Partial
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
48 CVE-2016-2851 119 DoS Exec Code Overflow Mem. Corr. 2016-04-07 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
49 CVE-2016-2831 284 DoS 2016-06-13 2016-11-28
5.8
None Remote Medium Not required None Partial Partial
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
50 CVE-2016-2821 DoS Exec Code Mem. Corr. 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
Total number of vulnerabilities : 455   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.