Total
2334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19153 | 1 Particl | 1 Particl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | |||||
| CVE-2018-19152 | 1 Emercoin | 1 Emercoin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | |||||
| CVE-2018-19151 | 1 Qtum | 1 Qtum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | |||||
| CVE-2018-19037 | 1 Virginmedia | 2 Hub 3.0, Hub 3.0 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface. | |||||
| CVE-2018-18960 | 1 Epson | 2 Epson Workforce Wf-2861, Epson Workforce Wf-2861 Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. | |||||
| CVE-2018-18898 | 4 Bestpractical, Canonical, Debian and 1 more | 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | |||||
| CVE-2018-18854 | 1 Lightbend | 1 Spray-json | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code). | |||||
| CVE-2018-18853 | 1 Lightbend | 1 Spray-json | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits. | |||||
| CVE-2018-17985 | 1 Gnu | 1 Binutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. | |||||
| CVE-2018-17977 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7. | |||||
| CVE-2018-17898 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable. | |||||
| CVE-2018-17581 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. | |||||
| CVE-2018-17281 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. | |||||
| CVE-2018-17189 | 7 Apache, Canonical, Debian and 4 more | 13 Http Server, Ubuntu Linux, Debian Linux and 10 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. | |||||
| CVE-2018-17159 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation. | |||||
| CVE-2018-17145 | 7 Bcoin, Bitcoin, Bitcoinknots and 4 more | 7 Bcoin, Bitcoin Core, Bitcoin Knots and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15. | |||||
| CVE-2018-16949 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. | |||||
| CVE-2018-16878 | 6 Canonical, Clusterlabs, Debian and 3 more | 9 Ubuntu Linux, Pacemaker, Debian Linux and 6 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS | |||||
| CVE-2018-16853 | 1 Samba | 1 Samba | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command. | |||||
| CVE-2018-16848 | 1 Redhat | 1 Openstack-mistral | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. | |||||