Total
2334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10607 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel. | |||||
| CVE-2018-10585 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Pexip Infinity before 18 allows remote Denial of Service (XML parsing). | |||||
| CVE-2018-10432 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). | |||||
| CVE-2018-10193 | 1 Logmein | 1 Lastpass | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements. | |||||
| CVE-2018-10070 | 1 Mikrotik | 2 Router, Router Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message. | |||||
| CVE-2018-1000893 | 1 Bitcoinsv | 1 Bitcoin Sv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions. | |||||
| CVE-2018-1000892 | 1 Bitcoinsv | 1 Bitcoin Sv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages. | |||||
| CVE-2018-1000891 | 1 Bitcoinsv | 1 Bitcoin Sv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums. | |||||
| CVE-2018-1000872 | 1 Pykmip Project | 1 Pykmip | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0. | |||||
| CVE-2018-1000518 | 1 Websockets Project | 1 Websockets | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5. | |||||
| CVE-2018-1000115 | 4 Canonical, Debian, Memcached and 1 more | 4 Ubuntu Linux, Debian Linux, Memcached and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. | |||||
| CVE-2018-0700 | 1 Hyuki | 1 Yukiwiki | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition. | |||||
| CVE-2018-0471 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device. | |||||
| CVE-2018-0441 | 1 Cisco | 1 Access Points | 2024-11-21 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP. | |||||
| CVE-2018-0418 | 1 Cisco | 11 Asr 9000v, Asr 9001, Asr 9006 and 8 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. | |||||
| CVE-2018-0410 | 1 Cisco | 1 Web Security Appliance | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610. | |||||
| CVE-2018-0381 | 1 Cisco | 1 Aironet Access Points | 2024-11-21 | 5.5 MEDIUM | 6.8 MEDIUM |
| A vulnerability in the Cisco Aironet Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a deadlock condition that may occur when an affected AP attempts to dequeue aggregated traffic that is destined to an attacker-controlled wireless client. An attacker who can successfully transition between multiple Service Set Identifiers (SSIDs) hosted on the same AP while replicating the required traffic patterns could trigger the deadlock condition. A watchdog timer that detects the condition will trigger a reload of the device, resulting in a DoS condition while the device restarts. | |||||
| CVE-2018-0372 | 1 Cisco | 20 Nexus 92160yc-x, Nexus 92304qc, Nexus 9236c and 17 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system. The vulnerability is due to improper memory management when DHCPv6 packets are received on an interface of the targeted device. An attacker could exploit this vulnerability by sending a high number of malicious DHCPv6 packets to be processed by an affected device. A successful exploit could allow the attacker to cause the system to run low on memory, which could cause an eventual reboot of an affected device. The vulnerability only applies to IPv6 protocol packets and not for IPv4 protocol packets. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI Mode running software version 13.0(1k). The vulnerability can only be exploited when unicast routing is enabled on the Bridge Domain (BD). DHCP and DHCP relay do not have to be configured for the vulnerability to be exploited. Cisco Bug IDs: CSCvg38918. | |||||
| CVE-2018-0309 | 1 Cisco | 40 Nexus 3016, Nexus 3048, Nexus 3064 and 37 more | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136. | |||||
| CVE-2018-0285 | 1 Cisco | 1 Prime Service Catalog | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568. | |||||