CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2011-4868 399 DoS 2012-01-14 2016-12-02
6.1
None Local Network Low Not required None None Complete
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.
1152 CVE-2011-4858 399 DoS 2012-01-05 2018-01-08
5.0
None Remote Low Not required None None Partial
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
1153 CVE-2011-4623 189 DoS Overflow 2012-09-25 2012-09-26
2.1
None Local Low Not required None None Partial
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.
1154 CVE-2011-4622 DoS 2012-01-27 2017-12-28
4.9
None Local Low Not required None None Complete
The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.
1155 CVE-2011-4621 DoS Exec Code 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
1156 CVE-2011-4619 399 DoS 2012-01-05 2016-08-22
5.0
None Remote Low Not required None None Partial
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
1157 CVE-2011-4611 189 DoS Overflow 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events.
1158 CVE-2011-4594 DoS 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference.
1159 CVE-2011-4579 119 DoS Overflow Mem. Corr. 2012-08-20 2012-08-21
4.3
None Remote Medium Not required None None Partial
The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."
1160 CVE-2011-4577 399 DoS 2012-01-05 2014-03-26
4.3
None Remote Medium Not required None None Partial
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
1161 CVE-2011-4535 119 DoS Exec Code Overflow 2012-04-02 2012-04-03
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.
1162 CVE-2011-4534 DoS Exec Code 2012-02-10 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212.
1163 CVE-2011-4533 DoS Exec Code 2012-02-10 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 50777, aka Reference Number 25240.
1164 CVE-2011-4531 20 DoS 2012-01-08 2012-01-09
5.0
None Remote Low Not required None None Partial
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
1165 CVE-2011-4530 20 DoS 2012-01-08 2012-01-09
5.0
None Remote Low Not required None None Partial
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
1166 CVE-2011-4486 399 DoS 2012-02-29 2012-03-01
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.
1167 CVE-2011-4373 DoS Exec Code Mem. Corr. 2012-01-10 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
1168 CVE-2011-4372 DoS Exec Code Mem. Corr. 2012-01-10 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.
1169 CVE-2011-4371 DoS Exec Code Mem. Corr. 2012-01-10 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
1170 CVE-2011-4370 DoS Exec Code Mem. Corr. 2012-01-10 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.
1171 CVE-2011-4364 119 DoS Exec Code Overflow 2012-08-20 2012-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.
1172 CVE-2011-4353 119 DoS Overflow 2012-08-20 2012-08-21
4.3
None Remote Medium Not required None None Partial
The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.
1173 CVE-2011-4352 189 DoS Exec Code Overflow 2012-08-20 2012-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.
1174 CVE-2011-4330 119 DoS Exec Code Overflow 2012-01-27 2012-04-16
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
1175 CVE-2011-4326 399 DoS 2012-05-17 2015-05-05
7.1
None Remote Medium Not required None None Complete
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
1176 CVE-2011-4325 DoS 2012-01-27 2017-08-28
4.9
None Local Low Not required None None Complete
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.
1177 CVE-2011-4324 DoS 2012-06-21 2012-06-22
4.9
None Local Low Not required None None Complete
The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem.
1178 CVE-2011-4320 399 DoS 2012-02-17 2012-02-29
4.0
None Remote Low Single system None None Partial
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
1179 CVE-2011-4305 189 DoS 2012-07-11 2012-07-16
4.0
None Remote Low Single system None None Partial
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing.
1180 CVE-2011-4292 89 DoS Sql 2012-07-16 2012-07-16
4.0
None Remote Low Single system None None Partial
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
1181 CVE-2011-4291 DoS 2012-07-16 2012-07-16
4.0
None Remote Low Single system None None Partial
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.
1182 CVE-2011-4231 20 DoS 2012-05-03 2012-05-11
6.3
None Remote Medium Single system None None Complete
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
1183 CVE-2011-4189 94 DoS Exec Code Mem. Corr. 2012-03-02 2018-01-10
7.5
None Remote Low Not required Partial Partial Partial
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.
1184 CVE-2011-4188 119 DoS Overflow 2012-04-09 2017-12-28
4.0
None Remote Low Single system None None Partial
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929.
1185 CVE-2011-4185 119 DoS Exec Code Overflow Mem. Corr. 2012-02-21 2012-02-22
10.0
None Remote Low Not required Complete Complete Complete
The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436.
1186 CVE-2011-4153 20 1 DoS 2012-01-18 2018-01-17
5.0
None Remote Low Not required None None Partial
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
1187 CVE-2011-4132 20 DoS 2012-01-27 2017-12-28
2.1
None Local Low Not required None None Partial
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
1188 CVE-2011-4131 189 DoS 2012-05-17 2017-12-28
4.6
None Local Network High Not required None None Complete
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
1189 CVE-2011-4112 264 DoS 2012-05-17 2015-05-05
4.9
None Local Low Not required None None Complete
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface.
1190 CVE-2011-4110 264 DoS 2012-01-27 2016-08-22
2.1
None Local Low Not required None None Partial
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
1191 CVE-2011-4097 189 DoS Overflow 2012-05-17 2012-05-17
4.9
None Local Low Not required None None Complete
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.
1192 CVE-2011-4086 119 DoS Overflow 2012-07-03 2017-12-28
4.9
None Local Low Not required None None Complete
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
1193 CVE-2011-4081 DoS 2012-05-24 2012-05-29
4.9
None Local Low Not required None None Complete
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.
1194 CVE-2011-4077 119 DoS Exec Code Overflow Mem. Corr. 2012-01-27 2016-08-22
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
1195 CVE-2011-4057 399 DoS 2012-01-13 2012-01-16
5.0
None Remote Low Not required None None Partial
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.
1196 CVE-2011-4045 119 DoS Overflow 2012-04-02 2012-04-03
4.3
None Remote Medium Not required None None Partial
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
1197 CVE-2011-4029 362 DoS 2012-07-03 2012-07-17
1.9
None Local Medium Not required Partial None None
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
1198 CVE-2011-4023 399 DoS 2012-05-03 2018-10-30
7.8
None Remote Low Not required None None Complete
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
1199 CVE-2011-4022 287 DoS 2012-05-03 2012-05-11
5.0
None Remote Low Not required None None Partial
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
1200 CVE-2011-4019 399 DoS 2012-05-03 2012-05-30
5.4
None Remote High Not required None None Complete
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
Total number of vulnerabilities : 1425   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 (This Page)25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.