National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): ddos
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 19 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-15492

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.

Published: August 17, 2018; 10:29:01 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1137

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

Published: May 25, 2018; 08:29:00 AM -04:00
V3: 8.1 HIGH
V2: 5.5 MEDIUM
CVE-2017-17164

Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vulnerability due to memory don't be released when the system open some function. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

Published: February 15, 2018; 11:29:02 AM -05:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2016-8798

Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.

Published: April 02, 2017; 04:59:01 PM -04:00
V3: 7.5 HIGH
V2: 7.8 HIGH
CVE-2016-5435

Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.

Published: June 24, 2016; 01:59:02 PM -04:00
V3: 5.9 MEDIUM
V2: 7.1 HIGH
CVE-2016-4576

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

Published: May 23, 2016; 03:59:09 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2012-6050

The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.

Published: November 26, 2012; 11:49:26 PM -05:00
V2: 6.4 MEDIUM
CVE-2011-0331

Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.

Published: March 22, 2011; 01:55:01 PM -04:00
V2: 9.3 HIGH
CVE-2010-2362

Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

Published: August 25, 2010; 04:00:17 PM -04:00
V2: 10.0 HIGH
CVE-2010-2361

Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

Published: August 25, 2010; 04:00:17 PM -04:00
V2: 10.0 HIGH
CVE-2010-0302

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Published: March 05, 2010; 02:30:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2009-3553

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Published: November 19, 2009; 09:30:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2009-1639

Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Novell 4.03 allows user-assisted attackers to execute arbitrary code via a crafted .NKNT file.

Published: May 15, 2009; 11:30:00 AM -04:00
V2: 9.3 HIGH
CVE-2007-0086

** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

Published: January 05, 2007; 01:28:00 PM -05:00
V2: 7.8 HIGH
CVE-2007-0087

** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

Published: January 05, 2007; 01:28:00 PM -05:00
V2: 7.8 HIGH
CVE-2006-4909

Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.

Published: September 20, 2006; 08:07:00 PM -04:00
V2: 2.6 LOW
CVE-2003-1354

Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.

Published: December 31, 2003; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2003-0468

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

Published: August 27, 2003; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2000-0138

A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.

Published: May 02, 2000; 12:00:00 AM -04:00
V2: 5.0 MEDIUM