CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2017 (Denial Of Service)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000357 399 DoS 2017-04-24 2017-06-13
5.0
None Remote Low Not required None None Partial
Denial of Service attack when the switch refuses to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91.
2 CVE-2017-1000252 20 DoS 2017-09-26 2017-11-05
2.1
None Local Low Not required None None Partial
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
3 CVE-2017-1000230 DoS 2017-11-17 2017-11-17
0.0
None ??? ??? ??? ??? ??? ???
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 is provided with unexpected input, resulting in a denial of service.
4 CVE-2017-1000229 DoS Exec Code Overflow 2017-11-17 2017-11-17
0.0
None ??? ??? ??? ??? ??? ???
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
5 CVE-2017-1000218 DoS Exec Code Overflow 2017-11-16 2017-11-16
0.0
None ??? ??? ??? ??? ??? ???
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function, resulting in a denial of service or remote code execution.
6 CVE-2017-1000210 DoS Exec Code Overflow 2017-11-16 2017-11-16
0.0
None ??? ??? ??? ??? ??? ???
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to a stack buffer overflow resulting in code execution or a denial of service attack.
7 CVE-2017-1000201 DoS 2017-11-16 2017-11-16
0.0
None ??? ??? ??? ??? ??? ???
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack
8 CVE-2017-1000200 DoS 2017-11-16 2017-11-16
0.0
None ??? ??? ??? ??? ??? ???
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service
9 CVE-2017-1000198 DoS 2017-11-16 2017-11-16
0.0
None ??? ??? ??? ??? ??? ???
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
10 CVE-2017-1000122 20 DoS 2017-11-01 2017-11-21
5.0
None Remote Low Not required None None Partial
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.
11 CVE-2017-1000118 119 DoS Overflow 2017-10-04 2017-10-13
5.0
None Remote Low Not required None None Partial
In Akka HTTP versions <= 10.0.5, an illegal media range in the Accept header causes a StackOverflowError, leading to denial of service.
12 CVE-2017-1000068 287 DoS 2017-07-17 2017-08-04
5.0
None Remote Low Not required None None Partial
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field.
13 CVE-2017-1000061 611 DoS 2017-07-17 2017-08-08
5.8
None Remote Medium Not required Partial None Partial
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
14 CVE-2017-16927 DoS Overflow 2017-11-23 2017-11-23
0.0
None ??? ??? ??? ??? ??? ???
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.
15 CVE-2017-16898 DoS Overflow 2017-11-20 2017-11-20
0.0
None ??? ??? ??? ??? ??? ???
The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.
16 CVE-2017-16883 DoS 2017-11-18 2017-11-18
0.0
None ??? ??? ??? ??? ??? ???
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.
17 CVE-2017-16879 DoS Exec Code Overflow 2017-11-22 2017-11-22
0.0
None ??? ??? ??? ??? ??? ???
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
18 CVE-2017-16869 DoS 2017-11-17 2017-11-17
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."
19 CVE-2017-16868 DoS Overflow 2017-11-17 2017-11-17
0.0
None ??? ??? ??? ??? ??? ???
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.
20 CVE-2017-16844 DoS Exec Code Overflow 2017-11-16 2017-11-21
0.0
None ??? ??? ??? ??? ??? ???
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
21 CVE-2017-16840 DoS 2017-11-21 2017-11-21
0.0
None ??? ??? ??? ??? ??? ???
The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
22 CVE-2017-16832 DoS 2017-11-15 2017-11-15
0.0
None ??? ??? ??? ??? ??? ???
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
23 CVE-2017-16831 DoS Overflow 2017-11-15 2017-11-15
0.0
None ??? ??? ??? ??? ??? ???
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
24 CVE-2017-16830 DoS Overflow 2017-11-15 2017-11-15
0.0
None ??? ??? ??? ??? ??? ???
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.
25 CVE-2017-16829 DoS 2017-11-15 2017-11-15
0.0
None ??? ??? ??? ??? ??? ???
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.
26 CVE-2017-16828 DoS Overflow 2017-11-15 2017-11-15
0.0
None ??? ??? ??? ??? ??? ???
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
27 CVE-2017-16827 DoS 2017-11-15 2017-11-15
0.0
None ??? ??? ??? ??? ??? ???
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
28 CVE-2017-16826 DoS 2017-11-15 2017-11-15
0.0
None ??? ??? ??? ??? ??? ???
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
29 CVE-2017-16805 DoS 2017-11-13 2017-11-13
0.0
None ??? ??? ??? ??? ??? ???
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
30 CVE-2017-16803 DoS 2017-11-13 2017-11-18
0.0
None ??? ??? ??? ??? ??? ???
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
31 CVE-2017-16797 DoS Overflow 2017-11-12 2017-11-12
0.0
None ??? ??? ??? ??? ??? ???
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.
32 CVE-2017-16796 DoS 2017-11-12 2017-11-12
0.0
None ??? ??? ??? ??? ??? ???
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.
33 CVE-2017-16794 DoS 2017-11-12 2017-11-12
0.0
None ??? ??? ??? ??? ??? ???
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.
34 CVE-2017-16793 DoS Overflow 2017-11-12 2017-11-12
0.0
None ??? ??? ??? ??? ??? ???
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
35 CVE-2017-16711 DoS 2017-11-09 2017-11-14
0.0
None ??? ??? ??? ??? ??? ???
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
36 CVE-2017-16669 DoS Overflow 2017-11-08 2017-11-14
0.0
None ??? ??? ??? ??? ??? ???
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
37 CVE-2017-16650 DoS 2017-11-07 2017-11-14
0.0
None ??? ??? ??? ??? ??? ???
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
38 CVE-2017-16649 DoS 2017-11-07 2017-11-10
0.0
None ??? ??? ??? ??? ??? ???
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
39 CVE-2017-16648 DoS 2017-11-07 2017-11-10
0.0
None ??? ??? ??? ??? ??? ???
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.
40 CVE-2017-16647 DoS 2017-11-07 2017-11-10
0.0
None ??? ??? ??? ??? ??? ???
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
41 CVE-2017-16646 DoS 2017-11-07 2017-11-16
0.0
None ??? ??? ??? ??? ??? ???
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
42 CVE-2017-16645 DoS 2017-11-07 2017-11-10
0.0
None ??? ??? ??? ??? ??? ???
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
43 CVE-2017-16644 DoS 2017-11-07 2017-11-16
0.0
None ??? ??? ??? ??? ??? ???
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
44 CVE-2017-16643 DoS 2017-11-07 2017-11-10
0.0
None ??? ??? ??? ??? ??? ???
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
45 CVE-2017-16548 DoS 2017-11-06 2017-11-06
0.0
None ??? ??? ??? ??? ??? ???
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
46 CVE-2017-16547 20 DoS 2017-11-06 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
47 CVE-2017-16546 119 DoS Overflow 2017-11-05 2017-11-18
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
48 CVE-2017-16545 476 DoS 2017-11-05 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
49 CVE-2017-16538 20 DoS 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
50 CVE-2017-16537 476 DoS 2017-11-03 2017-11-16
7.2
None Local Low Not required Complete Complete Complete
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
Total number of vulnerabilities: 2981 (this is page 1)