Total
2972 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2064 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands. | ||||
| CVE-2016-2061 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. | ||||
| CVE-2016-1784 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-11-21 | N/A |
| The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. | ||||
| CVE-2016-1544 | 2 Fedoraproject, Nghttp2 | 2 Fedora, Nghttp2 | 2024-11-21 | 3.3 Low |
| nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | ||||
| CVE-2016-10724 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2024-11-21 | N/A |
| Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. | ||||
| CVE-2016-10544 | 1 Uws Project | 1 Uws | 2024-11-21 | N/A |
| uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8. | ||||
| CVE-2016-10542 | 1 Ws Project | 1 Ws | 2024-11-21 | N/A |
| ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. | ||||
| CVE-2016-10540 | 1 Minimatch Project | 1 Minimatch | 2024-11-21 | N/A |
| Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. | ||||
| CVE-2016-10539 | 1 Negotiator Project | 1 Negotiator | 2024-11-21 | N/A |
| negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. | ||||
| CVE-2016-10527 | 1 Riot.js | 1 Riot-compiler | 2024-11-21 | N/A |
| The riot-compiler version version 2.3.21 has an issue in a regex (Catastrophic Backtracking) thats make it unusable under certain conditions. | ||||
| CVE-2016-10524 | 1 I18n-node-angular Project | 1 I18n-node-angular | 2024-11-21 | 8.2 High |
| i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection. | ||||
| CVE-2016-10523 | 1 Mqtt-packet Project | 1 Mqtt-packet | 2024-11-21 | N/A |
| MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. | ||||
| CVE-2016-10521 | 1 Jshamcrest Project | 1 Jshamcrest | 2024-11-21 | 7.5 High |
| jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator. | ||||
| CVE-2016-10520 | 1 Jadedown Project | 1 Jadedown | 2024-11-21 | 7.5 High |
| jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | ||||
| CVE-2016-10396 | 1 Ipsec-tools | 1 Ipsec-tools | 2024-11-21 | N/A |
| The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. | ||||
| CVE-2016-10058 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.5 Medium |
| Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. | ||||
| CVE-2016-10047 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | ||||
| CVE-2016-1000232 | 3 Ibm, Redhat, Salesforce | 5 Api Connect, Openshift, Openshift Container Platform and 2 more | 2024-11-21 | N/A |
| NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. | ||||
| CVE-2016-0747 | 6 Apple, Canonical, Debian and 3 more | 6 Xcode, Ubuntu Linux, Debian Linux and 3 more | 2024-11-21 | 5.3 Medium |
| The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. | ||||
| CVE-2016-0738 | 2 Openstack, Redhat | 3 Swift, Openstack, Storage | 2024-11-21 | N/A |
| OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | ||||