Search Results (2177 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-13140 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
CVE-2017-9778 1 Gnu 1 Gdb 2025-04-20 N/A
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
CVE-2017-14938 1 Gnu 1 Binutils 2025-04-20 N/A
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
CVE-2017-12435 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
CVE-2017-6640 1 Cisco 1 Prime Data Center Network Manager 2025-04-20 N/A
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346.
CVE-2017-8779 4 Libtirpc Project, Ntirpc Project, Redhat and 1 more 6 Libtirpc, Ntirpc, Ceph Storage and 3 more 2025-04-20 N/A
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
CVE-2017-12432 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
CVE-2022-23524 2 Helm, Redhat 2 Helm, Openshift 2025-04-18 5.3 Medium
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.
CVE-2022-42531 1 Google 1 Android 2025-04-17 7.8 High
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A
CVE-2024-57662 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57663 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57664 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2022-31740 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 8.8 High
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
CVE-2022-29503 3 Anker, Uclibc, Uclibc-ng Project 4 Eufy Homebase 2, Eufy Homebase 2 Firmware, Uclibc and 1 more 2025-04-15 9.8 Critical
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
CVE-2024-57722 1 Sammycage 1 Lunasvg 2025-04-15 7.5 High
lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovg_surface_create.
CVE-2022-45434 2 Dahuasecurity, Microsoft 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2025-04-14 5.9 Medium
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.
CVE-2016-3508 2 Oracle, Redhat 6 Jdk, Jre, Jrockit and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.
CVE-2015-5220 1 Redhat 3 Jboss Enterprise Application Platform, Jboss Operations Network, Jboss Wildfly Application Server 2025-04-12 N/A
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.
CVE-2015-1420 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-12 N/A
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
CVE-2016-8740 2 Apache, Redhat 3 Http Server, Jboss Core Services, Rhel Software Collections 2025-04-12 N/A
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.