Search Results (2713 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6581 1 Python 2 Hpack, Hyper 2025-04-20 N/A
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.
CVE-2014-3221 1 Huawei 2 Eudemon8000e, Eudemon8000e Firmware 2025-04-20 N/A
Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device.
CVE-2016-9954 1 Irregex Project 1 Irregex 2025-04-20 N/A
The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.
CVE-2016-9814 1 Simplesamlphp 2 Saml2, Simplesamlphp 2025-04-20 N/A
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
CVE-2016-9225 1 Cisco 1 Asa Cx Context-aware Security Software 2025-04-20 N/A
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946.
CVE-2016-9221 1 Cisco 1 Aironet Access Point Software 2025-04-20 N/A
A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85).
CVE-2016-9220 1 Cisco 1 Aironet Access Point Software 2025-04-20 N/A
A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91).
CVE-2016-9216 1 Cisco 1 Asr 5000 Series Software 2025-04-20 N/A
An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135.
CVE-2016-10214 1 Virglrenderer Project 1 Virglrenderer 2025-04-20 N/A
Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
CVE-2016-5822 1 Huawei 1 Oceanstor 5800 V3 2025-04-20 N/A
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.
CVE-2016-9195 1 Cisco 1 Wireless Lan Controller 2025-04-20 N/A
A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3).
CVE-2016-9194 1 Cisco 6 Wireless Lan Controller, Wireless Lan Controller 6.0, Wireless Lan Controller 7.0 and 3 more 2025-04-20 N/A
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353.
CVE-2016-10186 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules.
CVE-2015-8345 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 6.5 Medium
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
CVE-2016-10163 1 Virglrenderer Project 1 Virglrenderer 2025-04-20 N/A
Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.
CVE-2014-3224 1 Huawei 14 Quidway S5300, Quidway S5300 Firmware, Quidway S5700 and 11 more 2025-04-20 N/A
Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products.
CVE-2016-6580 1 Python 1 Python Priority Library 2025-04-20 N/A
A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.
CVE-2016-10227 1 Zyxel 4 Nwa3560-n, Nwa3560-n Firmware, Usg50 and 1 more 2025-04-20 N/A
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.
CVE-2016-7448 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2025-04-20 N/A
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVE-2016-10153 1 Linux 1 Linux Kernel 2025-04-20 N/A
The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code.