Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-400
Total 1255 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3768 2 Ibm, Lenova 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more 2018-02-15 7.8 HIGH 7.5 HIGH
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.
CVE-2018-6352 1 Podofo Project 1 Podofo 2018-02-15 4.3 MEDIUM 5.5 MEDIUM
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.
CVE-2017-14179 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2018-02-15 7.2 HIGH 7.8 HIGH
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
CVE-2017-14180 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2018-02-15 7.2 HIGH 7.8 HIGH
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
CVE-2017-14177 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2018-02-15 7.2 HIGH 7.8 HIGH
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
CVE-2017-13211 1 Google 1 Android 2018-02-06 7.8 HIGH 7.5 HIGH
In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158.
CVE-2016-10707 1 Jquery 1 Jquery 2018-02-02 5.0 MEDIUM 7.5 HIGH
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
CVE-2017-17901 1 Zyxel 2 P-660hw, P-660hw Firmware 2018-01-16 7.8 HIGH 7.5 HIGH
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
CVE-2017-11142 1 Php 1 Php 2018-01-13 7.8 HIGH 7.5 HIGH
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
CVE-2014-3651 1 Keycloak 1 Keycloak 2018-01-11 5.0 MEDIUM 7.5 HIGH
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVE-2016-6213 1 Linux 1 Linux Kernel 2018-01-04 4.7 MEDIUM 4.7 MEDIUM
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
CVE-2016-9685 1 Linux 1 Linux Kernel 2018-01-04 4.9 MEDIUM 5.5 MEDIUM
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
CVE-2017-15529 1 Symantec 1 Norton Family 2017-12-27 2.1 LOW 6.2 MEDIUM
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.
CVE-2017-4920 1 Vmware 1 Nsx-v Edge 2017-12-22 7.1 HIGH 5.9 MEDIUM
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.
CVE-2017-2734 1 Huawei 2 P9 Plus, P9 Plus Firmware 2017-12-11 7.1 HIGH 5.5 MEDIUM
P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion.
CVE-2017-1000191 1 Jool 1 Jool 2017-12-04 7.8 HIGH 7.5 HIGH
Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.
CVE-2017-7132 1 Apple 1 Mac Os X 2017-11-27 6.8 MEDIUM 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.
CVE-2017-13825 1 Apple 1 Mac Os X 2017-11-27 6.8 MEDIUM 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file.
CVE-2017-6161 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 8 more 2017-11-16 2.9 LOW 5.3 MEDIUM
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.
CVE-2017-15882 1 Londontrustmedia 1 Private Internet Access 2017-11-16 5.0 MEDIUM 7.5 HIGH
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.