CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-9093 DoS Exec Code 2014-11-26 2014-11-26
0.0
None ??? ??? ??? ??? ??? ???
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
2 CVE-2014-9034 19 DoS 2014-11-25 2014-11-26
5.0
None Remote Low Not required None None Partial
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
3 CVE-2014-9030 20 DoS 2014-11-24 2014-11-24
7.1
None Remote Medium Not required None None Complete
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
4 CVE-2014-9016 20 DoS 2014-11-24 2014-11-24
5.0
None Remote Low Not required None None Partial
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
5 CVE-2014-8991 264 DoS 2014-11-24 2014-11-25
2.1
None Local Low Not required None None Partial
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
6 CVE-2014-8952 DoS 2014-11-16 2014-11-17
7.1
None Remote Medium Not required None None Complete
Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition."
7 CVE-2014-8951 DoS 2014-11-16 2014-11-17
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page.
8 CVE-2014-8950 DoS 2014-11-16 2014-11-17
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request.
9 CVE-2014-8769 119 DoS Overflow +Info 2014-11-20 2014-11-20
6.4
None Remote Low Not required Partial None Partial
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.
10 CVE-2014-8768 189 DoS 2014-11-20 2014-11-20
5.0
None Remote Low Not required None None Partial
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
11 CVE-2014-8767 189 DoS 2014-11-20 2014-11-20
5.0
None Remote Low Not required None None Partial
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
12 CVE-2014-8714 399 DoS 2014-11-22 2014-11-24
5.0
None Remote Low Not required None None Partial
The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
13 CVE-2014-8713 119 DoS Overflow 2014-11-22 2014-11-24
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
14 CVE-2014-8712 399 DoS 2014-11-22 2014-11-24
5.0
None Remote Low Not required None None Partial
The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
15 CVE-2014-8711 189 DoS Overflow 2014-11-22 2014-11-24
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.
16 CVE-2014-8710 119 DoS Overflow 2014-11-22 2014-11-24
5.0
None Remote Low Not required None None Partial
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
17 CVE-2014-8662 DoS 2014-11-06 2014-11-06
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.
18 CVE-2014-8657 16 1 DoS 2014-11-06 2014-11-06
5.0
None Remote Low Not required None None Partial
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html.
19 CVE-2014-8652 16 DoS 2014-11-10 2014-11-14
5.0
None Remote Low Not required None None Partial
Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681.
20 CVE-2014-8626 119 DoS Exec Code Overflow 2014-11-22 2014-11-24
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
21 CVE-2014-8595 17 DoS +Priv 2014-11-19 2014-11-19
1.9
None Local Medium Not required None None Partial
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.
22 CVE-2014-8594 20 DoS 2014-11-19 2014-11-19
5.4
None Remote High Not required None None Complete
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer derference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).
23 CVE-2014-8592 DoS 2014-11-04 2014-11-13
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.
24 CVE-2014-8591 DoS 2014-11-04 2014-11-20
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.
25 CVE-2014-8589 189 DoS Overflow 2014-11-04 2014-11-13
5.0
None Remote Low Not required None None Partial
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.
26 CVE-2014-8567 399 DoS 2014-11-14 2014-11-20
9.4
None Remote Low Not required None Complete Complete
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
27 CVE-2014-8566 200 DoS Overflow +Info 2014-11-15 2014-11-20
6.4
None Remote Low Not required Partial None Partial
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."
28 CVE-2014-8564 310 DoS 2014-11-13 2014-11-14
5.0
None Remote Low Not required None None Partial
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
29 CVE-2014-8559 399 DoS 2014-11-10 2014-11-10
4.9
None Local Low Not required None None Complete
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
30 CVE-2014-8549 189 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.
31 CVE-2014-8548 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
32 CVE-2014-8547 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
33 CVE-2014-8546 189 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.
34 CVE-2014-8545 189 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.
35 CVE-2014-8544 20 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
36 CVE-2014-8543 20 DoS 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.
37 CVE-2014-8542 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
38 CVE-2014-8541 119 DoS Overflow 2014-11-05 2014-11-05
7.5
None Remote Low Not required Partial Partial Partial
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
39 CVE-2014-8534 DoS 2014-10-29 2014-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field.
40 CVE-2014-8530 DoS +Info 2014-10-29 2014-10-30
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins.
41 CVE-2014-8483 DoS 2014-11-06 2014-11-20
5.0
None Remote Low Not required None None Partial
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
42 CVE-2014-8481 399 DoS 2014-11-10 2014-11-20
4.9
None Local Low Not required None None Complete
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480.
43 CVE-2014-8480 399 DoS 2014-11-10 2014-11-10
4.9
None Local Low Not required None None Complete
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application.
44 CVE-2014-8475 17 DoS 2014-11-18 2014-11-18
4.3
None Remote Medium Not required None None Partial
FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.
45 CVE-2014-8474 DoS 2014-11-04 2014-11-20
7.5
None Remote Low Not required Partial Partial Partial
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
46 CVE-2014-8441 DoS Exec Code Mem. Corr. 2014-11-11 2014-11-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440.
47 CVE-2014-8440 DoS Exec Code Mem. Corr. 2014-11-11 2014-11-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.
48 CVE-2014-8439 119 DoS Exec Code Overflow 2014-11-25 2014-11-26
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
49 CVE-2014-8416 20 DoS 2014-11-24 2014-11-25
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.
50 CVE-2014-8415 20 DoS 2014-11-24 2014-11-25
5.0
None Remote Low Not required None None Partial
Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.
Total number of vulnerabilities : 1429   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.