Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-399
Total 2596 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1899 1 Ibm 1 Websphere Portal 2015-05-26 7.8 HIGH N/A
IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2015-0971 2 Debian, Openinfosecfoundation 2 Debian Linux, Suricata 2015-05-15 5.0 MEDIUM N/A
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.
CVE-2015-0648 1 Cisco 1 Ios 2015-03-26 7.8 HIGH N/A
Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.
CVE-2015-0671 1 Cisco 1 Videoscape Delivery System For Internet Streamer 2015-03-20 5.0 MEDIUM N/A
The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911.
CVE-2015-0132 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2015-03-18 7.8 HIGH N/A
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2015-0887 1 Iij 8 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 5 more 2015-03-04 7.1 HIGH N/A
npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet.
CVE-2014-6303 1 Pnmsoft 1 Sequence Kinetics 2015-02-19 5.0 MEDIUM N/A
The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2015-1030 1 Privoxy 1 Privoxy 2015-02-03 5.0 MEDIUM N/A
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
CVE-2014-7266 1 Cybozu 1 Remote Service Manager 2015-02-02 7.8 HIGH N/A
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983.
CVE-2014-5418 1 Ge 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more 2015-01-21 7.8 HIGH N/A
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.
CVE-2014-8414 1 Digium 2 Asterisk, Certified Asterisk 2014-12-30 5.0 MEDIUM N/A
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
CVE-2013-5958 1 Sensiolabs 1 Symfony 2014-12-29 5.0 MEDIUM N/A
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.
CVE-2014-8016 1 Cisco 1 Ironport Email Security Appliances 2014-12-19 5.0 MEDIUM N/A
The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.
CVE-2014-7250 4 Bsd, Freebsd, Netbsd and 1 more 4 Bsd, Freebsd, Netbsd and 1 more 2014-12-12 5.0 MEDIUM N/A
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
CVE-2014-1950 1 Xen 1 Xen 2014-12-11 4.6 MEDIUM N/A
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.
CVE-2014-5429 1 Elipse 3 E3, Power, Scada 2014-12-08 5.0 MEDIUM N/A
DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets.
CVE-2014-2382 1 Faronics 1 Deep Freeze 2014-11-20 7.2 HIGH N/A
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.
CVE-2014-2734 1 Ruby-lang 1 Ruby 2014-11-18 5.8 MEDIUM N/A
** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher.
CVE-2014-3755 1 Mumble 1 Mumble 2014-11-17 5.0 MEDIUM N/A
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.
CVE-2014-6423 1 Wireshark 1 Wireshark 2014-11-05 5.0 MEDIUM N/A
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.