Total
3381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10523 | 1 Mqtt-packet Project | 1 Mqtt-packet | 2024-11-21 | N/A |
| MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. | ||||
| CVE-2016-10521 | 1 Jshamcrest Project | 1 Jshamcrest | 2024-11-21 | 7.5 High |
| jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator. | ||||
| CVE-2016-10520 | 1 Jadedown Project | 1 Jadedown | 2024-11-21 | 7.5 High |
| jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | ||||
| CVE-2016-1000232 | 3 Ibm, Redhat, Salesforce | 5 Api Connect, Openshift, Openshift Container Platform and 2 more | 2024-11-21 | N/A |
| NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. | ||||
| CVE-2015-9548 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. | ||||
| CVE-2015-9274 | 1 Harfbuzz Project | 1 Harfbuzz | 2024-11-21 | N/A |
| HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. | ||||
| CVE-2015-9253 | 1 Php | 1 Php | 2024-11-21 | N/A |
| An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. | ||||
| CVE-2015-9252 | 1 Qpdf Project | 1 Qpdf | 2024-11-21 | N/A |
| An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. | ||||
| CVE-2015-9242 | 1 Ecstatic Project | 1 Ecstatic | 2024-11-21 | N/A |
| Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header. | ||||
| CVE-2015-9241 | 1 Hapijs | 1 Hapi | 2024-11-21 | N/A |
| Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes). | ||||
| CVE-2015-9239 | 1 Ansi2html Project | 1 Ansi2html | 2024-11-21 | 7.5 High |
| ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | ||||
| CVE-2015-5333 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2024-11-21 | 7.5 High |
| Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | ||||
| CVE-2015-5159 | 1 Kdcproxy Project | 1 Kdcproxy | 2024-11-21 | N/A |
| python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request. | ||||
| CVE-2015-4412 | 1 Bson Project | 1 Bson | 2024-11-21 | N/A |
| BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string. | ||||
| CVE-2015-4411 | 2 Fedoraproject, Mongodb | 2 Fedora, Bson | 2024-11-21 | 7.5 High |
| The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | ||||
| CVE-2014-8937 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 7.5 High |
| Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. | ||||
| CVE-2014-8561 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 6.5 Medium |
| imagemagick 6.8.9.6 has remote DOS via infinite loop | ||||
| CVE-2014-3648 | 1 Redhat | 1 Jboss Aerogear | 2024-11-21 | 7.5 High |
| The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on. | ||||
| CVE-2014-3447 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 7.5 High |
| BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability | ||||
| CVE-2014-2885 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | N/A |
| Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c. | ||||