CWE-399: Resource Management Errors - CXSecurity.com

Risk | Topic | Date | Author
Medium Risk | MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service | 13.03.2014 | CXSECURITY
Medium Risk | Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability | 27.02.2014 | soroush
Medium Risk | lighttpd multiple issues (setuid unchecked; FAM read after free) | 13.11.2013 | Stefan Buhler
Medium Risk | Real Player 16.0.2.32 Resource Exhaustion | 03.07.2013 | Akshaysinh Vaghe...
High Risk | 3S CODESYS Gateway 2.3.9.27 Gateway Use After Free | 28.05.2013 | USCERT
Medium Risk | python backports ssl_match_hostname Resource Exhaustion 0day | 15.05.2013 | Florian Weimer
High Risk | MacOSX 10.8.3 ftpd Resource Exhaustion *youtube | 10.04.2013 | Maksymilian Arci...
Medium Risk | Cisco Firewall Services Module Software Multiple Vulnerabilities | 10.04.2013 | Cisco
Medium Risk | easyftpsvr-1.7.0.2 Resource Exhaustion | 06.04.2013 | AkaStep
Medium Risk | BIND 9 Memory Exhaustion | 28.03.2013 | Matthew Horsfall
Medium Risk | FreeBSD 9.1 ftpd Remote Denial of Service | 01.02.2013 | Maksymilian Arci...
Medium Risk | FreeBSD/GNU ftpd remote denial of service exploit | 31.01.2013 | DevilTeam
Low Risk | linux kernel Btrfs CRC32C infinite loop and privilege boundaries | 14.12.2012 | Pascal Junod
Medium Risk | Splunk 4.3.x Denial Of Service | 03.11.2012 | nruns
High Risk | Mozilla Firefox nsHTMLSelectElement Remote Code Execution | 04.08.2012 | regenrecht
Medium Risk | FileZilla Server version 0.9.41 beta Remote DOS (CPU exhaustion) POC | 12.07.2012 | coolkaveh
Medium Risk | Microsoft IIS 6, 7.5 FTP Server Remote Denial Of Service | 04.07.2012 | coolkaveh
Low Risk | WordPress DoS Vulnerability | 16.04.2012 | MustLive
Medium Risk | PHP 5.4/5.3 deprecated eregi() memory_limit bypass | 30.03.2012 | Maksymilian Arci...
Medium Risk | PHP 5.4 5.3 memory_limit bypass poc | 30.03.2012 | Maksymilian Arci...
Medium Risk | PHP 5.4.0 remote memory exhaustion | 26.03.2012 | ls
Low Risk | Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit | 23.03.2012 | Gjoko 'LiquidWor...
Medium Risk | PHP 5.3.8 Hashtables Proof Of Concept | 02.01.2012 | me
High Risk | MS11-064 TCP/IP Stack Denial of Service | 23.10.2011 | Byoungyoung Lee
Medium Risk | IceWarp Mail Server 10.3.2 Multiple Vulnerabilities | 04.10.2011 | David Kirkpatric...
Medium Risk | Palm Pre WebOS version <= 1.1 Floating Point Exception | 17.09.2011 | PalmPreHacker
Low Risk | Wireshark 1.6.1 Malformed IKE Packet Denial of Service | 26.08.2011 | nipc
Medium Risk | PHP 5.3.6 ZipArchive invalid use glob(3) | 19.08.2011 | Maksymilian Arci...
High Risk | Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7) | 16.08.2011 | mr_me
High Risk | Mozilla Firefox 3.6.16 mChannel use after free vulnerability | 12.08.2011 | metasploit
High Risk | Firefox 3.6.16 OBJECT mChannel Remote Code Execution Exploit (DEP bypass) | 08.08.2011 | Rh0[at]z1p.biz
Medium Risk | Arbitrary files deletion in Novell File Reporter 1.0.4.2 | 19.07.2011 | Luigi Auriemma
Medium Risk | Post Revolution 0.8.0c Multiple Remote Vulnerabilities | 09.06.2011 | Javier Bassi
Medium Risk | Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) | 13.05.2011 | Maksymilian Arci...
High Risk | Android 2.0, 2.1, 2.1.1 WebKit Use-After-Free Exploit | 15.03.2011 | MJ Keith
High Risk | *bsd libc/glob resource exhaustion (ftpd exploit) | 04.03.2011 | Maksymilian Arci...
Medium Risk | vsftpd 2.3.2 remote denial-of-service | 01.03.2011 | Maksymilian Arci...
High Risk | Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi | 21.02.2011 | VMware Security ...
Medium Risk | Apache Tomcat DoS Vulnerability | 14.02.2011 | Tomcat security ...
Medium Risk | Wireshark ZigBee ZCL Dissector Infinite Loop Denial of Service | 15.01.2011 | Fred Fierling
High Risk | Multiple Vendors (Internet Explorer, Mozilla etc) remote code execution | 12.01.2011 | Michal Zalewski
Medium Risk | GNU libc/regcomp(3) Multiple Vulnerabilities | 07.01.2011 | Maksymilian Arci...
High Risk | linux 2.6.37rc5 econet AUN-over-UDP receive NULL dereference | 01.01.2011 | Nelson Elhage
Low Risk | Linux Kernel 2.6.35.9 'setup_arg_pages()' Denial of Service Vulnerability | 02.12.2010 | Roland McGrath
Low Risk | Linux Kernel 2.6.37:rc2 Unix Sockets Local Denial of Service | 02.12.2010 | Key Night
Medium Risk | OpenTTD Client Disconnection Handling Use-after-free Vulnerability | 25.11.2010 | Vulnerability re...
Low Risk | Linux Kernel 'perf_event_mmap()' Local Denial of Service Vulnerability | 25.11.2010 | Dave Jones
High Risk | Camtron CMNC-200 IP Camera Denial of Service Vulnerability | 18.11.2010 | Trustwave's Spid...
Medium Risk | IBM OmniFind Crawler Denial of Service Vulnerability | 15.11.2010 | Fatih Kilic
High Risk | Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit | 12.11.2010 | Matteo Memelli
High Risk | Internet Explorer Memory Corruption 0day Vulnerability | 12.11.2010 | unknown
High Risk | Internet Explorer Memory Corruption 0day Vulnerability | 09.11.2010 | unknown
Medium Risk | IBM solidDB <= 6.5.0.3 Denial of Service Vulnerability | 27.10.2010 | null
High Risk | Multiple Vendors libc/glob(3) remote ftpd resource exhaustion | 07.10.2010 | Maksymilian Arci...
High Risk | Adobe Acrobat Reader and Flash 'newfunction' Remote Code Execution Vulnerability | 28.09.2010 | Abysssec
Medium Risk | FreeType 2.4.1 Memory corruption flaw by processing certain | 22.08.2010 | Jan Lieskovsky
Medium Risk | FreeType 2.4.1 Memory corruption | 22.08.2010 | Robert Swiecki
High Risk | Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050) | 20.08.2010 | Piotr Bania
Medium Risk | Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047) | 18.08.2010 | Tavis Ormandy
Medium Risk | cabextract -- 1, Infinite loop in MS-ZIP | 10.08.2010 | Jan Lieskovsky
Medium Risk | Firefox, Internet Explorer, Chrome and Opera DoS vulnerabilities | 03.06.2010 | MustLive
Medium Risk | Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities | 26.05.2010 | MustLive
Medium Risk | Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities | 25.05.2010 | geinblues
Medium Risk | Apache ActiveMQ 5.4.0 source code disclosure vulnerability | 30.04.2010 | Secpod
Medium Risk | IBM BladeCenter Management Module - DoS vulnerability | 19.04.2010 | Alexandr Polyako...
Low Risk | kadmind in older krb5 denial of service | 10.04.2010 | Tom Yu
High Risk | Internet Explorer 8/7 Java Html Codes INJECTION | 06.03.2010 | 7H3_BoSs
High Risk | VNC mode can crash QEMU | 26.10.2009 | Mark McLoughlin
High Risk | linux kernel 2.6.27.21 and prior multiple vulnerabilities | 22.10.2009 | Josh Bressers
High Risk | Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference | 16.10.2009 | Adam Zabrocki
High Risk | Security Notice for CA Anti-Virus Engine | 14.10.2009 | Williams, James ...
High Risk | AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit | 13.10.2009 | nine:situations:...
Medium Risk | Safari 3.2.3 (Win32) JavaScript (eval) Remote DoS Exploit | 23.09.2009 | Jeremy Brown
High Risk | Windows Vista/2008 (SMB2.0) Remote Command Execution | 08.09.2009 | Laurent Gaffié
Medium Risk | MS Internet Explorer (Javascript SetAttribute) Remote Crash Exploit | 02.09.2009 | Irfan Asrar
High Risk | Borland VisiBroker Smart Agent <= 08.00.00.C1.03 Remote Heap Overflow Vulnerability | 31.08.2009 | Luigi Auriemma
High Risk | LogMeIn Remote Access Utility ActiveX Memory Corruption | 27.08.2009 | Yag Kohha
Medium Risk | DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome | 26.08.2009 | MustLive
Medium Risk | Security Notice for CA Host-Based Intrusion Prevention System | 26.08.2009 | Kotas
Low Risk | Failed assertion in the Unreal engine | 24.08.2009 | Luigi Auriemma
Medium Risk | Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service | 20.08.2009 | Maksymilian Arci...
High Risk | AST-2009-005: Remote Crash Vulnerability in SIP channel driver | 14.08.2009 | Asterisk Securit...
High Risk | OpenBSD 4.3 up to 4.5: PF null pointer dereference - remote DoS | 12.08.2009 | rembrandt
Medium Risk | DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome | 26.07.2009 | MustLive
High Risk | One bug to rule them all Firefox, IE, Safari, Opera, Chrome, Seamonkey | 26.07.2009 | Thierry Zoller
Low Risk | Apache (mod_deflate) Denial of Service Vulnerability | 12.07.2009 | François Guerraz
High Risk | phion airlock Web Application Firewall: Remote DoS & Command Execution | 07.07.2009 | Kirchner Michael
Medium Risk | Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability | 04.06.2009 | CORE Security Te...
Medium Risk | Firefox (all?) Denial of Service through unclamped loop (SVG) | 02.06.2009 | Thierry Zoller
Medium Risk | TYPSoft FTP Server 1.11 (ABORT) Remote DoS Exploit | 20.05.2009 | Jonathan Salwan
Medium Risk | Google Chrome 1.0.154.53 (Null Pointer) Remote Crash | 05.05.2009 | Aditya K Sood
Medium Risk | Mac OS X xnu <= 1228.3.13 (macfsstat) Local Kernel Memory Leak/DoS | 05.04.2009 | mu-b
Low Risk | Serv-U 7.4.0.1 (SMNT) Denial of Service Exploit (post auth) | 20.03.2009 | Jonathan Salwan
High Risk | EMC NetWorker Denial of Service Vulnerability | 21.02.2009 | Fortinet's Forti...
Medium Risk | Titan FTP server 6.26 build 630 Remote Denial of Service Exploit | 07.02.2009 | Anon
Low Risk | QIP 2005 Denial of Service Vulnerability | 06.02.2009 | Maxim Kulakov
Medium Risk | F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass | 31.12.2008 | iViZ
Low Risk | PGP Desktop 9.0.6 Denial Of Service | 28.12.2008 | contact.fingers_...
Medium Risk | CORE-2008-1210: Qemu and KVM VNC server remote DoS | 25.12.2008 | CORE Security Te...
High Risk | Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer dereference | 25.12.2008 | Tobias Klein

CVEMAP Search Results

2014-04-23

Medium Risk [ CVE-2012-0360 ]
Vendor: Cisco
Software: IOS
Description: Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

Medium Risk [ CVE-2012-5036 ]
Vendor: Cisco
Software: IOS
Description: Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.

Low Risk [ CVE-2012-5039 ]
Vendor: Cisco
Software: IOS
Description: The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.

Medium Risk [ CVE-2014-2154 ]
Vendor: Cisco
Software: Adaptive sec...
Description: Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP packets, aka Bug ID CSCuf67469.

High Risk [ CVE-2014-0474 ]
Vendor: Djangoproject
Software: Django
Description: The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

2014-04-16

Low Risk [ CVE-2014-1453 ]
Vendor: Freebsd
Software: Freebsd
Description: The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.

2014-04-15

Medium Risk [ CVE-2014-2384 ]
Vendor: Vmware
Software: Player
Description: vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable."

Medium Risk [ CVE-2014-2580 ]
Vendor: XEN
Software: XEN
Description: The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface.

High Risk [ CVE-2014-2842 ]
Vendor: Juniper
Software: Screenos
Description: Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.

2014-04-09

Medium Risk [ CVE-2014-1719 ]
Vendor: Google
Software: Chrome
Description: Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.

Copyright 2014, cxsecurity.com