Total
1433 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19871 | 2 Opensuse, Qt | 2 Leap, Qt | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. | |||||
| CVE-2018-15772 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
| Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI. | |||||
| CVE-2018-0029 | 1 Juniper | 6 Ex2300, Ex3400, Junos and 3 more | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
| While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2. | |||||
| CVE-2017-16116 | 1 String Project | 1 String | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. | |||||
| CVE-2017-14177 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | |||||
| CVE-2017-16114 | 1 Marked Project | 1 Marked | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds. | |||||
| CVE-2018-0233 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connections through an affected device. A successful exploit could allow the attacker to cause the detection engine to consume excessive system memory on the affected device, which could cause a DoS condition. The device may need to be reloaded manually to recover from this condition. This vulnerability affects Cisco Firepower System Software Releases 6.0.0 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Firewalls with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, Firepower 4100 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower 9300 Series Security Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower Threat Defense Virtual for VMware, Industrial Security Appliance 3000, Sourcefire 3D System Appliances. Cisco Bug IDs: CSCve23031. | |||||
| CVE-2018-0090 | 1 Cisco | 1 Nx-os | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition. The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. An attacker could exploit this vulnerability by sending crafted traffic to the management interface. An exploit could allow the attacker to bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvf31132. | |||||
| CVE-2017-14180 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | |||||
| CVE-2017-14179 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | |||||
| CVE-2017-16099 | 1 No-case Project | 1 No-case | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition. | |||||
| CVE-2017-16086 | 1 Ua-parser Project | 1 Ua-parser | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header. | |||||
| CVE-2017-16129 | 1 Superagent Project | 1 Superagent | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
| The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to. | |||||
| CVE-2018-10070 | 1 Mikrotik | 2 Router, Router Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message. | |||||
| CVE-2018-10827 | 1 Litecart | 1 Litecart | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request. | |||||
| CVE-2018-0094 | 1 Cisco | 1 Unified Computing System Central Software | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544. | |||||
| CVE-2018-1064 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | |||||
| CVE-2016-10524 | 1 I18n-node-angular Project | 1 I18n-node-angular | 2023-12-10 | 6.0 MEDIUM | 8.2 HIGH |
| i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection. | |||||
| CVE-2017-16136 | 1 Expressjs | 1 Method-override | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header. | |||||
| CVE-2018-12066 | 1 Bird Project | 1 Bird | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc. | |||||