Total
2596 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0079 | 1 Microsoft | 4 Windows 7, Windows 8, Windows 8.1 and 1 more | 2019-05-14 | 7.8 HIGH | N/A |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory consumption and RDP outage) by establishing many RDP sessions that do not properly free allocated memory, aka "Remote Desktop Protocol (RDP) Denial of Service Vulnerability." | |||||
CVE-2013-7332 | 1 Microsoft | 2 Windows 8, Windows 8.1 | 2019-05-14 | 5.0 MEDIUM | N/A |
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
CVE-2019-12041 | 1 Remarkable Project | 1 Remarkable | 2019-05-13 | 5.0 MEDIUM | 7.5 HIGH |
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section. | |||||
CVE-2014-0316 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2019-05-13 | 7.5 HIGH | N/A |
Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (memory consumption) and bypass the ASLR protection mechanism via a crafted client that sends messages with an invalid data view, aka "LRPC ASLR Bypass Vulnerability." | |||||
CVE-2006-6296 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2019-04-30 | 6.1 MEDIUM | N/A |
The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644. | |||||
CVE-2006-0143 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2019-04-30 | 7.5 HIGH | N/A |
Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. | |||||
CVE-2005-0803 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 5.0 MEDIUM | N/A |
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | |||||
CVE-2005-3644 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2019-04-30 | 7.8 HIGH | N/A |
PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120. | |||||
CVE-2009-1138 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 10.0 HIGH | N/A |
The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. | |||||
CVE-2009-1139 | 1 Microsoft | 4 Adam, Windows 2000, Windows Server 2003 and 1 more | 2019-04-30 | 7.8 HIGH | N/A |
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability." | |||||
CVE-2003-1448 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 7.8 HIGH | N/A |
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet. | |||||
CVE-2009-1928 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2019-04-30 | 7.8 HIGH | N/A |
Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability." | |||||
CVE-2019-9809 | 1 Mozilla | 1 Firefox | 2019-04-29 | 5.0 MEDIUM | 7.5 HIGH |
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. | |||||
CVE-2019-9806 | 1 Mozilla | 1 Firefox | 2019-04-29 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. | |||||
CVE-2014-7940 | 2 Google, Icu-project | 2 Chrome, International Components For Unicode | 2019-04-23 | 7.5 HIGH | N/A |
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. | |||||
CVE-2013-0281 | 2 Clusterlabs, Redhat | 2 Pacemaker, Enterprise Linux | 2019-04-22 | 4.3 MEDIUM | N/A |
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking). | |||||
CVE-2011-0714 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2019-04-22 | 5.7 MEDIUM | N/A |
Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function. | |||||
CVE-2014-8333 | 2 Openstack, Redhat | 3 Nova, Enterprise Linux, Openstack | 2019-04-22 | 4.0 MEDIUM | N/A |
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | |||||
CVE-2014-0230 | 2 Apache, Oracle | 2 Tomcat, Virtualization | 2019-04-15 | 7.8 HIGH | N/A |
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. | |||||
CVE-2015-6415 | 1 Cisco | 1 Unified Computing System | 2019-04-15 | 7.1 HIGH | N/A |
Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. |