CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Low | Linkedin iOS 9.11.8592.4 CPU Resource Exhaustion | 03.08.2018 | Juan Sacco |
| Med. | Asterisk 13.17.2dfsg-2 Memory Exhaustion | 30.11.2017 | Juan Sacco |
| Med. | Apple macOS 10.12.2 Safari SSL handshake MiTM Memory Exhaustion | 14.12.2016 | Maksymilian Arciemowic... |
| Med. | Apache HTTPD Web Server 2.4.23 Memory Exhaustion | 06.12.2016 | Naveen Tiwari |
| Med. | MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC) | 25.10.2015 | Maksymilian Arciemowic... |
| Med. | Bash 4.3 uncontrolled resources exhaustion | 26.04.2015 | Maksymilian Arciemowic... |
| High | Drupal 7.34 Memory Exhaustion | 02.12.2014 | Javer Nieto and Andres... |
| Med. | C++11 <regex> insecure by default | 31.07.2014 | Maksymilian Arciemowic... |
| Med. | MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service | 13.03.2014 | Maksymilian Arciemowic... |
| Med. | Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability | 27.02.2014 | soroush |
| Med. | lighttpd multiple issues (setuid unchecked; FAM read after free) | 13.11.2013 | Stefan Buhler |
| Med. | Real Player 16.0.2.32 Resource Exhaustion | 03.07.2013 | Akshaysinh Vaghela |
| High | 3S CODESYS Gateway 2.3.9.27 Gateway Use After Free | 28.05.2013 | USCERT |
| Med. | python backports ssl_match_hostname Resource Exhaustion 0day | 15.05.2013 | Florian Weimer |
| Med. | MacOSX 10.10.5 ftpd Resource Exhaustion (APPLE-SA-2015-09-30-3) *youtube | 10.04.2013 | Maksymilian Arciemowic... |
| Med. | Cisco Firewall Services Module Software Multiple Vulnerabilities | 10.04.2013 | Cisco |
| Med. | easyftpsvr-1.7.0.2 Resource Exhaustion | 06.04.2013 | AkaStep |
| Med. | BIND 9 Memory Exhaustion | 28.03.2013 | Matthew Horsfall |
| Med. | FreeBSD 9.1 ftpd Remote Denial of Service | 01.02.2013 | Maksymilian Arciemowic... |
| Med. | FreeBSD/GNU ftpd remote denial of service exploit | 31.01.2013 | DevilTeam |
| Low | linux kernel Btrfs CRC32C infinite loop and privilege boundaries | 14.12.2012 | Pascal Junod |
| Med. | Splunk 4.3.x Denial Of Service | 03.11.2012 | nruns |
| High | Mozilla Firefox nsHTMLSelectElement Remote Code Execution | 04.08.2012 | regenrecht |
| Med. | FileZilla Server version 0.9.41 beta Remote DOS (CPU exhaustion) POC | 12.07.2012 | coolkaveh |
| Med. | Microsoft IIS 6, 7.5 FTP Server Remote Denial Of Service | 04.07.2012 | coolkaveh |
| Low | WordPress DoS Vulnerability | 16.04.2012 | MustLive |
| Med. | PHP 5.4/5.3 deprecated eregi() memory_limit bypass | 30.03.2012 | Maksymilian Arciemowic... |
| Med. | PHP 5.4 5.3 memory_limit bypass poc | 30.03.2012 | Maksymilian Arciemowic... |
| Med. | PHP 5.4.0 remote memory exhaustion | 26.03.2012 | ls |
| Low | Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit | 23.03.2012 | Gjoko 'LiquidWorm' Krs... |
| Med. | PHP 5.3.8 Hashtables Proof Of Concept | 02.01.2012 | me |
| High | MS11-064 TCP/IP Stack Denial of Service | 23.10.2011 | Byoungyoung Lee |
| Med. | IceWarp Mail Server 10.3.2 Multiple Vulnerabilities | 04.10.2011 | David Kirkpatrick of T... |
| Med. | Palm Pre WebOS version <= 1.1 Floating Point Exception | 17.09.2011 | PalmPreHacker |
| Low | Wireshark 1.6.1 Malformed IKE Packet Denial of Service | 26.08.2011 | nipc |
| Med. | PHP 5.3.6 ZipArchive invalid use glob(3) | 19.08.2011 | Maksymilian Arciemowic... |
| High | Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7) | 16.08.2011 | mr_me |
| High | Mozilla Firefox 3.6.16 mChannel use after free vulnerability | 12.08.2011 | metasploit |
| High | Firefox 3.6.16 OBJECT mChannel Remote Code Execution Exploit (DEP bypass) | 08.08.2011 | Rh0[at]z1p.biz |
| Med. | Arbitrary files deletion in Novell File Reporter 1.0.4.2 | 19.07.2011 | Luigi Auriemma |
| Med. | Post Revolution 0.8.0c Multiple Remote Vulnerabilities | 09.06.2011 | Javier Bassi |
| Med. | Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) | 13.05.2011 | Maksymilian Arciemowic... |
| High | Android 2.0 ,2.1, 2.1.1 WebKit Use-After-Free Exploit | 15.03.2011 | MJ Keith |
| High | *bsd libc/glob resource exhaustion (ftpd exploit) | 04.03.2011 | Maksymilian Arciemowic... |
| Med. | vsftpd 2.3.2 remote denial-of-service | 01.03.2011 | Maksymilian Arciemowic... |
| High | Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi | 21.02.2011 | VMware Security Team |
| Med. | Apache Tomcat DoS Vulnerability | 14.02.2011 | Tomcat security team |
| Med. | Wireshark ZigBee ZCL Dissector Infinite Loop Denial of Service | 15.01.2011 | Fred Fierling |
| High | Multiple Vendors (Internet Explorer, Mozilla etc) remote code execution | 12.01.2011 | Michal Zalewski |
| Med. | GNU libc/regcomp(3) Multiple Vulnerabilities | 07.01.2011 | Maksymilian Arciemowic... |
| High | linux 2.6.37rc5 econet AUN-over-UDP receive NULL dereference | 01.01.2011 | Nelson Elhage |
| Low | Linux Kernel 2.6.35.9 'setup_arg_pages()' Denial of Service Vulnerability | 02.12.2010 | Roland McGrath |
| Low | Linux Kernel 2.6.37:rc2 Unix Sockets Local Denial of Service | 02.12.2010 | Key Night |
| Med. | OpenTTD Client Disconnection Handling Use-after-free Vulnerability | 25.11.2010 | Vulnerability reported... |
| Low | Linux Kernel 'perf_event_mmap()' Local Denial of Service Vulnerability | 25.11.2010 | Dave Jones |
| High | Camtron CMNC-200 IP Camera Denial of Service Vulnerability | 18.11.2010 | Trustwave's SpiderLabs |
| Med. | IBM OmniFind Crawler Denial of Service Vulnerability | 15.11.2010 | Fatih Kilic |
| High | Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit | 12.11.2010 | Matteo Memelli |
| High | Internet Explorer Memory Corruption 0day Vulnerability | 12.11.2010 | unknown |
| High | Internet Explorer Memory Corruption 0day Vulnerability | 09.11.2010 | unknown |
| Med. | IBM solidDB <= 6.5.0.3 Denial of Service Vulnerability | 27.10.2010 | null |
| High | Multiple Vendors libc/glob(3) remote ftpd resource exhaustion | 07.10.2010 | Maksymilian Arciemowic... |
| High | Adobe Acrobat Reader and Flash 'newfunction' Remote Code Execution Vulnerability | 28.09.2010 | Abysssec |
| Med. | FreeType 2.4.1 Memory corruption flaw by processing certain | 22.08.2010 | Jan Lieskovsky |
| Med. | FreeType 2.4.1 Memory corruption | 22.08.2010 | Robert Swiecki |
| High | Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050) | 20.08.2010 | Piotr Bania |
| Med. | Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047) | 18.08.2010 | Tavis Ormandy |
| Med. | cabextract -- 1, Infinite loop in MS-ZIP | 10.08.2010 | Jan Lieskovsky |
| Med. | Firefox, Internet Explorer, Chrome and Opera DoS vulnerabilities | 03.06.2010 | MustLive |
| Med. | Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities | 26.05.2010 | MustLive |
| Med. | Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities | 25.05.2010 | geinblues |
| Med. | Apache ActiveMQ 5.4.0 source code disclosure vulnerability | 30.04.2010 | Secpod |
| Med. | IBM BladeCenter Management Module - DoS vulnerability | 19.04.2010 | Alexandr Polyakov |
| Low | kadmind in older krb5 denial of service | 10.04.2010 | Tom Yu |
| High | Internet Explorer 8/7 Java Html Codes INJECTION | 06.03.2010 | 7H3_BoSs |
| High | VNC mode can crash QEMU | 26.10.2009 | Mark McLoughlin |
| High | linux kernel 2.6.27.21 and prior multiple vulnerabilities | 22.10.2009 | Josh Bressers |
| High | Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference | 16.10.2009 | Adam Zabrocki |
| High | Security Notice for CA Anti-Virus Engine | 14.10.2009 | Williams, James K |
| High | AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit | 13.10.2009 | nine:situations:group:... |
| Med. | Safari 3.2.3 (Win32) JavaScript (eval) Remote DoS Exploit | 23.09.2009 | Jeremy Brown |
| High | Windows Vista/2008 (SMB2.0) Remote Command Execution | 08.09.2009 | Laurent Gaffié |
| Med. | MS Internet Explorer (Javascript SetAttribute) Remote Crash Exploit | 02.09.2009 | Irfan Asrar |
| High | Borland VisiBroker Smart Agent <= 08.00.00.C1.03 Remote Heap Overflow Vulnerability | 31.08.2009 | Luigi Auriemma |
| High | LogMeIn Remote Access Utility ActiveX Memory Corruption | 27.08.2009 | Yag Kohha |
| Med. | DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome | 26.08.2009 | MustLive |
| Med. | Security Notice for CA Host-Based Intrusion Prevention System | 26.08.2009 | Kotas |
| Low | Failed assertion in the Unreal engine | 24.08.2009 | Luigi Auriemma |
| Med. | Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service | 20.08.2009 | Maksymilian Arciemowic... |
| High | AST-2009-005: Remote Crash Vulnerability in SIP channel driver | 14.08.2009 | Asterisk Security Team |
| High | OpenBSD 4.3 up to 4.5: PF null pointer dereference - remote DoS | 12.08.2009 | rembrandt |
| Med. | DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome | 26.07.2009 | MustLive |
| High | One bug to rule them all Firefox, IE, Safari, Opera, Chrome, Seamonkey | 26.07.2009 | Thierry Zoller |
| Low | Apache (mod_deflate) Denial of Service Vulnerability | 12.07.2009 | François Guerraz |
| High | phion airlock Web Application Firewall: Remote DoS & Command Execution | 07.07.2009 | Kirchner Michael |
| Med. | Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability | 04.06.2009 | CORE Security Technolo... |
| Med. | Firefox (all?) Denial of Service through unclamped loop (SVG) | 02.06.2009 | Thierry Zoller |
| Med. | TYPSoft FTP Server 1.11 (ABORT) Remote DoS Exploit | 20.05.2009 | Jonathan Salwan |
| Med. | Google Chrome 1.0.154.53 (Null Pointer) Remote Crash | 05.05.2009 | Aditya K Sood |
| Med. | Mac OS X xnu <= 1228.3.13 (macfsstat) Local Kernel Memory Leak/DoS | 05.04.2009 | mu-b |


CVEMAP Search Results

CVE
Details
Description
2018-06-28
Medium
CVE-2018-12934

Vendor: GNU
Software: Binutils
 

 
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

 
2018-06-27
Medium
CVE-2018-12913

Vendor: Miniz project
Software: Miniz
 

 
In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.

 
2018-06-23
Medium
CVE-2018-12698

Vendor: GNU
Software: Binutils
 

 
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

 
Medium
CVE-2018-12700

Vendor: GNU
Software: Binutils
 

 
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.

 
2018-06-22
Low
CVE-2018-12641

Vendor: GNU
Software: Binutils
 

 
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.

 
2018-06-21
High
CVE-2018-0310

Vendor: Cisco
Software: Nx-os
 

 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69957, CSCve02435, CSCve04859, CSCve41536, CSCve41538, CSCve41559.

 
High
CVE-2018-0311

Vendor: Cisco
Software: Nx-os
 

 
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could cause process crashes and result in a DoS condition on the device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69960, CSCve02463, CSCve04859, CSCve41530, CSCve41537, CSCve41541, CSCve41557.

 
Medium
CVE-2018-0331

Vendor: Cisco
Software: Nx-os
 

 
The Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contains a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007.

 
Medium
CVE-2016-10723

Vendor: Linux
Software: Linux kernel
 

 
** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle."

 
2018-06-19
Medium
CVE-2018-1061

Vendor: Python
Software: Python
 

 
Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

 

 


Copyright 2018, cxsecurity.com

 
