# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2017-1000407 |
754 |
|
DoS |
2017-12-11 |
2019-05-14 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. |
2 |
CVE-2017-14496 |
191 |
|
DoS |
2017-10-03 |
2018-05-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. |
3 |
CVE-2017-14495 |
772 |
|
DoS |
2017-10-03 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. |
4 |
CVE-2017-14493 |
119 |
|
DoS Exec Code Overflow |
2017-10-03 |
2018-03-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. |
5 |
CVE-2017-14492 |
119 |
|
DoS Exec Code Overflow |
2017-10-03 |
2018-03-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. |
6 |
CVE-2017-14491 |
787 |
|
DoS Exec Code Overflow |
2017-10-04 |
2022-04-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. |
7 |
CVE-2017-12613 |
125 |
|
DoS |
2017-10-24 |
2022-04-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. |
8 |
CVE-2017-10978 |
119 |
|
DoS Overflow |
2017-07-17 |
2019-07-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. |
9 |
CVE-2017-10664 |
|
|
DoS |
2017-08-02 |
2021-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. |
10 |
CVE-2017-10053 |
|
|
DoS |
2017-08-08 |
2022-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
11 |
CVE-2017-9788 |
200 |
|
DoS +Info |
2017-07-13 |
2021-06-06 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. |
12 |
CVE-2017-9776 |
190 |
|
DoS Overflow |
2017-06-22 |
2019-03-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. |
13 |
CVE-2017-9775 |
119 |
|
DoS Overflow |
2017-06-22 |
2019-03-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. |
14 |
CVE-2017-9461 |
835 |
|
DoS |
2017-06-06 |
2019-10-03 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. |
15 |
CVE-2017-7980 |
119 |
|
DoS Exec Code Overflow |
2017-07-25 |
2021-08-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. |
16 |
CVE-2017-5848 |
125 |
|
DoS |
2017-02-09 |
2020-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. |
17 |
CVE-2017-5208 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2017-08-22 |
2019-03-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. |
18 |
CVE-2017-3636 |
|
|
DoS |
2017-08-08 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). |
19 |
CVE-2017-0900 |
20 |
|
DoS |
2017-08-31 |
2019-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. |
20 |
CVE-2016-9811 |
125 |
|
DoS |
2017-01-13 |
2021-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. |
21 |
CVE-2016-9636 |
119 |
|
DoS Exec Code Overflow |
2017-01-27 |
2018-01-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. |
22 |
CVE-2016-9635 |
119 |
|
DoS Exec Code Overflow |
2017-01-27 |
2018-01-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. |
23 |
CVE-2016-9634 |
119 |
|
DoS Exec Code Overflow |
2017-01-27 |
2018-01-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. |
24 |
CVE-2016-9131 |
20 |
|
DoS |
2017-01-12 |
2020-08-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. |
25 |
CVE-2016-8610 |
400 |
|
DoS |
2017-11-13 |
2020-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. |
26 |
CVE-2016-7426 |
400 |
|
DoS |
2017-01-13 |
2020-06-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. |
27 |
CVE-2016-5824 |
416 |
|
DoS |
2017-01-27 |
2019-04-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. |
28 |
CVE-2016-5011 |
|
|
DoS |
2017-04-11 |
2020-09-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. |
29 |
CVE-2015-8896 |
|
|
DoS |
2017-03-15 |
2021-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. |
30 |
CVE-2015-7852 |
20 |
|
DoS |
2017-08-07 |
2020-06-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. |
31 |
CVE-2015-7704 |
20 |
|
DoS |
2017-08-07 |
2021-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. |
32 |
CVE-2015-7702 |
20 |
|
DoS |
2017-08-07 |
2020-06-18 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. |
33 |
CVE-2015-7701 |
772 |
|
DoS |
2017-08-07 |
2020-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). |
34 |
CVE-2015-7692 |
20 |
|
DoS |
2017-08-07 |
2020-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. |
35 |
CVE-2015-7691 |
20 |
|
DoS |
2017-08-07 |
2020-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. |
36 |
CVE-2015-5300 |
361 |
|
DoS |
2017-07-21 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). |
37 |
CVE-2015-5219 |
704 |
|
DoS |
2017-07-21 |
2021-04-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. |
38 |
CVE-2015-5195 |
20 |
|
DoS |
2017-07-21 |
2018-05-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. |
39 |
CVE-2015-5194 |
20 |
|
DoS |
2017-07-21 |
2018-05-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. |