CWE:
 

Risk
Topic
Date
Author
Low
Linkedin iOS 9.11.8592.4 CPU Resource Exhaustion
03.08.2018
Juan Sacco
Med.
Asterisk 13.17.2dfsg-2 Memory Exhaustion
30.11.2017
Juan Sacco
Med.
Apple macOS 10.12.2 Safari SSL handshake MiTM Memory Exhaustion
14.12.2016
Maksymilian Arciemowic...
Med.
Apache HTTPD Web Server 2.4.23 Memory Exhaustion
06.12.2016
Naveen Tiwari
Med.
MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC)
25.10.2015
Maksymilian Arciemowic...
Med.
Bash 4.3 uncontrolled resources exhaustion
26.04.2015
Maksymilian Arciemowic...
High
Drupal 7.34 Memory Exhaustion
02.12.2014
Javer Nieto and Andres...
Med.
C++11 <regex> insecure by default
31.07.2014
Maksymilian Arciemowic...
Med.
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
13.03.2014
Maksymilian Arciemowic...
Med.
Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability
27.02.2014
soroush
Med.
lighttpd multiple issues (setuid unchecked; FAM read after free)
13.11.2013
Stefan Buhler
Med.
Real Player 16.0.2.32 Resource Exhaustion
03.07.2013
Akshaysinh Vaghela
High
3S CODESYS Gateway 2.3.9.27 Gateway Use After Free
28.05.2013
USCERT
Med.
python backports ssl_match_hostname Resource Exhaustion 0day
15.05.2013
Florian Weimer
Med.
MacOSX 10.10.5 ftpd Resource Exhaustion (APPLE-SA-2015-09-30-3) *youtube
10.04.2013
Maksymilian Arciemowic...
Med.
Cisco Firewall Services Module Software Multiple Vulnerabilities
10.04.2013
Cisco
Med.
easyftpsvr-1.7.0.2 Resource Exhaustion
06.04.2013
AkaStep
Med.
BIND 9 Memory Exhaustion
28.03.2013
Matthew Horsfall
Med.
FreeBSD 9.1 ftpd Remote Denial of Service
01.02.2013
Maksymilian Arciemowic...
Med.
FreeBSD/GNU ftpd remote denial of service exploit
31.01.2013
DevilTeam
Low
linux kernel Btrfs CRC32C infinite loop and privilege boundaries
14.12.2012
Pascal Junod
Med.
Splunk 4.3.x Denial Of Service
03.11.2012
nruns
High
Mozilla Firefox nsHTMLSelectElement Remote Code Execution
04.08.2012
regenrecht
Med.
FileZilla Server version 0.9.41 beta Remote DOS (CPU exhaustion) POC
12.07.2012
coolkaveh
Med.
Microsoft IIS 6, 7.5 FTP Server Remote Denial Of Service
04.07.2012
coolkaveh
Low
WordPress DoS Vulnerability
16.04.2012
MustLive
Med.
PHP 5.4/5.3 deprecated eregi() memory_limit bypass
30.03.2012
Maksymilian Arciemowic...
Med.
PHP 5.4 5.3 memory_limit bypass poc
30.03.2012
Maksymilian Arciemowic...
Med.
PHP 5.4.0 remote memory exhaustion
26.03.2012
ls
Low
Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit
23.03.2012
Gjoko 'LiquidWorm' Krs...
Med.
PHP 5.3.8 Hashtables Proof Of Concept
02.01.2012
me
High
MS11-064 TCP/IP Stack Denial of Service
23.10.2011
Byoungyoung Lee
Med.
IceWarp Mail Server 10.3.2 Multiple Vulnerabilities
04.10.2011
David Kirkpatrick of T...
Med.
Palm Pre WebOS version <= 1.1 Floating Point Exception
17.09.2011
PalmPreHacker
Low
Wireshark 1.6.1 Malformed IKE Packet Denial of Service
26.08.2011
nipc
Med.
PHP 5.3.6 ZipArchive invalid use glob(3)
19.08.2011
Maksymilian Arciemowic...
High
Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7)
16.08.2011
mr_me
High
Mozilla Firefox 3.6.16 mChannel use after free vulnerability
12.08.2011
metasploit
High
Firefox 3.6.16 OBJECT mChannel Remote Code Execution Exploit (DEP bypass)
08.08.2011
Rh0[at]z1p.biz
Med.
Arbitrary files deletion in Novell File Reporter 1.0.4.2
19.07.2011
Luigi Auriemma
Med.
Post Revolution 0.8.0c Multiple Remote Vulnerabilities
09.06.2011
Javier Bassi
Med.
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)
13.05.2011
Maksymilian Arciemowic...
High
Android 2.0, 2.1, 2.1.1 WebKit Use-After-Free Exploit
15.03.2011
MJ Keith
High
*bsd libc/glob resource exhaustion (ftpd exploit)
04.03.2011
Maksymilian Arciemowic...
Med.
vsftpd 2.3.2 remote denial-of-service
01.03.2011
Maksymilian Arciemowic...
High
Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
21.02.2011
VMware Security Team
Med.
Apache Tomcat DoS Vulnerability
14.02.2011
Tomcat security team
Med.
Wireshark ZigBee ZCL Dissector Infinite Loop Denial of Service
15.01.2011
Fred Fierling
High
Multiple Vendors (Internet Explorer, Mozilla etc) remote code execution
12.01.2011
Michal Zalewski
Med.
GNU libc/regcomp(3) Multiple Vulnerabilities
07.01.2011
Maksymilian Arciemowic...
High
linux 2.6.37rc5 econet AUN-over-UDP receive NULL dereference
01.01.2011
Nelson Elhage
Low
Linux Kernel 2.6.35.9 'setup_arg_pages()' Denial of Service Vulnerability
02.12.2010
Roland McGrath
Low
Linux Kernel 2.6.37:rc2 Unix Sockets Local Denial of Service
02.12.2010
Key Night
Med.
OpenTTD Client Disconnection Handling Use-after-free Vulnerability
25.11.2010
Vulnerability reported...
Low
Linux Kernel 'perf_event_mmap()' Local Denial of Service Vulnerability
25.11.2010
Dave Jones
High
Camtron CMNC-200 IP Camera Denial of Service Vulnerability
18.11.2010
Trustwave's SpiderLabs
Med.
IBM OmniFind Crawler Denial of Service Vulnerability
15.11.2010
Fatih Kilic
High
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
12.11.2010
Matteo Memelli
High
Internet Explorer Memory Corruption 0day Vulnerability
12.11.2010
unknown
High
Internet Explorer Memory Corruption 0day Vulnerability
09.11.2010
unknown
Med.
IBM solidDB <= 6.5.0.3 Denial of Service Vulnerability
27.10.2010
null
High
Multiple Vendors libc/glob(3) remote ftpd resource exhaustion
07.10.2010
Maksymilian Arciemowic...
High
Adobe Acrobat Reader and Flash 'newfunction' Remote Code Execution Vulnerability
28.09.2010
Abysssec
Med.
FreeType 2.4.1 Memory corruption flaw by processing certain
22.08.2010
Jan Lieskovsky
Med.
FreeType 2.4.1 Memory corruption
22.08.2010
Robert Swiecki
High
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050)
20.08.2010
Piotr Bania
Med.
Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047)
18.08.2010
Tavis Ormandy
Med.
cabextract -- 1, Infinite loop in MS-ZIP
10.08.2010
Jan Lieskovsky
Med.
Firefox, Internet Explorer, Chrome and Opera DoS vulnerabilities
03.06.2010
MustLive
Med.
Firefox, Internet Explorer, Chrome, Opera and other browsers DoS vulnerabilities
26.05.2010
MustLive
Med.
Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
25.05.2010
geinblues
Med.
Apache ActiveMQ 5.4.0 source code disclosure vulnerability
30.04.2010
Secpod
Med.
IBM BladeCenter Management Module - DoS vulnerability
19.04.2010
Alexandr Polyakov
Low
kadmind in older krb5 denial of service
10.04.2010
Tom Yu
High
Internet Explorer 8/7 Java Html Codes INJECTION
06.03.2010
7H3_BoSs
High
VNC mode can crash QEMU
26.10.2009
Mark McLoughlin
High
linux kernel 2.6.27.21 and prior multiple vulnerabilities
22.10.2009
Josh Bressers
High
Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference
16.10.2009
Adam Zabrocki
High
Security Notice for CA Anti-Virus Engine
14.10.2009
Williams, James K
High
AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit
13.10.2009
nine:situations:group:...
Med.
Safari 3.2.3 (Win32) JavaScript (eval) Remote DoS Exploit
23.09.2009
Jeremy Brown
High
Windows Vista/2008 (SMB2.0) Remote Command Execution
08.09.2009
Laurent Gaffié
Med.
MS Internet Explorer (Javascript SetAttribute) Remote Crash Exploit
02.09.2009
Irfan Asrar
High
Borland VisiBroker Smart Agent <= 08.00.00.C1.03 Remote Heap Overflow Vulnerability
31.08.2009
Luigi Auriemma
High
LogMeIn Remote Access Utility ActiveX Memory Corruption
27.08.2009
Yag Kohha
Med.
DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome
26.08.2009
MustLive
Med.
Security Notice for CA Host-Based Intrusion Prevention System
26.08.2009
Kotas
Low
Failed assertion in the Unreal engine
24.08.2009
Luigi Auriemma
Med.
Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service
20.08.2009
Maksymilian Arciemowic...
High
AST-2009-005: Remote Crash Vulnerability in SIP channel driver
14.08.2009
Asterisk Security Team
High
OpenBSD 4.3 up to 4.5: PF null pointer dereference - remote DoS
12.08.2009
rembrandt
Med.
DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome
26.07.2009
MustLive
High
One bug to rule them all Firefox, IE, Safari, Opera, Chrome, Seamonkey
26.07.2009
Thierry Zoller
Low
Apache (mod_deflate) Denial of Service Vulnerability
12.07.2009
François Guerraz
High
phion airlock Web Application Firewall: Remote DoS & Command Execution
07.07.2009
Kirchner Michael
Med.
Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
04.06.2009
CORE Security Technolo...
Med.
Firefox (all?) Denial of Service through unclamped loop (SVG)
02.06.2009
Thierry Zoller
Med.
TYPSoft FTP Server 1.11 (ABORT) Remote DoS Exploit
20.05.2009
Jonathan Salwan
Med.
Google Chrome 1.0.154.53 (Null Pointer) Remote Crash
05.05.2009
Aditya K Sood
Med.
Mac OS X xnu <= 1228.3.13 (macfsstat) Local Kernel Memory Leak/DoS
05.04.2009
mu-b


CVEMAP Search Results

CVE
Details
Description
2019-04-17
High
CVE-2018-16561

Vendor: Siemens
Software: Simatic s7-3...
 

 
A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

 
Medium
CVE-2019-9220

Vendor: Gitlab
Software: Gitlab
 

 
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.

 
Medium
CVE-2019-1721

Vendor: Cisco
Software: Telepresence...
 

 
A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.

 
2019-04-10
Medium
CVE-2019-0031

Vendor: Juniper
Software: Junos
 

 
Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2.

 
Medium
CVE-2019-0038

Vendor: Juniper
Software: Junos
 

 
Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform.

 
2019-04-08
Low
CVE-2018-1997

Vendor: IBM
Software: Business aut...
 

 
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.

 
2019-04-03
Low
CVE-2018-4290

Vendor: Apple
Software: Iphone os
 

 
A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.

 
Low
CVE-2018-4351

Vendor: Apple
Software: Mac os x
 

 
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.

 
Medium
CVE-2018-4361

Vendor: Apple
Software: Icloud
 

 
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

 
Medium
CVE-2018-4366

Vendor: Apple
Software: Iphone os
 

 
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.

 

 


Copyright 2019, cxsecurity.com

 
