Total
1428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12174 | 2 Apache, Redhat | 4 Activemq Artemis, Enterprise Linux, Hornetq and 1 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. | |||||
| CVE-2017-16118 | 1 Forwarded Project | 1 Forwarded | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-17290 | 1 Huawei | 4 Te60, Te60 Firmware, Viewpoint 9030 and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client. | |||||
| CVE-2018-10193 | 1 Logmein | 1 Lastpass | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements. | |||||
| CVE-2016-10724 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. | |||||
| CVE-2017-17166 | 1 Huawei | 12 Dp300, Dp300 Firmware, Secospace Usg6300 and 9 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted. | |||||
| CVE-2017-6779 | 1 Cisco | 13 Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment and 10 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823. | |||||
| CVE-2018-5500 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue. | |||||
| CVE-2017-16115 | 1 Timespan Project | 1 Timespan | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds. | |||||
| CVE-2018-6532 | 1 Icinga | 1 Icinga | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer. | |||||
| CVE-2018-7651 | 1 Ssri Project | 1 Ssri | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. | |||||
| CVE-2015-9253 | 1 Php | 1 Php | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. | |||||
| CVE-2018-6352 | 1 Podofo Project | 1 Podofo | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. | |||||
| CVE-2018-0230 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-12-10 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly validating IP Version 4 (IPv4) and IP Version 6 (IPv6) packets after the software reassembles the packets (following IP Fragmentation). An attacker could exploit this vulnerability by sending a series of malicious, fragmented IPv4 or IPv6 packets to an affected device. A successful exploit could allow the attacker to cause Snort processes on the affected device to hang at 100% CPU utilization, which could cause the device to stop processing traffic and result in a DoS condition until the device is reloaded manually. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.2.1 and 6.2.2, if the software is running on a Cisco Firepower 2100 Series Security Appliance. Cisco Bug IDs: CSCvf91098. | |||||
| CVE-2018-8777 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). | |||||
| CVE-2018-0285 | 1 Cisco | 1 Prime Service Catalog | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568. | |||||
| CVE-2018-5954 | 1 Phpfreechat | 1 Phpfreechat | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. | |||||
| CVE-2017-16111 | 1 Content Project | 1 Content | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header. | |||||
| CVE-2018-7540 | 2 Debian, Xen | 2 Debian Linux, Xen | 2023-12-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. | |||||
| CVE-2017-16137 | 1 Debug Project | 1 Debug | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue. | |||||