Vulnerabilities (CVE)

Filtered by CWE-400
Total 2495 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10864 1 Redhat 2 Certification, Linux 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.
CVE-2018-10851 1 Powerdns 2 Authoritative, Recursor 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
CVE-2018-10827 1 Litecart 1 Litecart 2024-11-21 5.0 MEDIUM 7.5 HIGH
LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.
CVE-2018-10632 1 Moxa 6 Nport 5210, Nport 5210 Firmware, Nport 5230 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor is not restricted, allowing for a denial-of-service condition.
CVE-2018-10608 1 Selinc 1 Acselerator Architect 2024-11-21 7.8 HIGH 7.5 HIGH
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required.
CVE-2018-10607 1 Martem 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.
CVE-2018-10585 1 Pexip 1 Pexip Infinity 2024-11-21 7.8 HIGH 7.5 HIGH
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
CVE-2018-10432 1 Pexip 1 Pexip Infinity 2024-11-21 7.8 HIGH 7.5 HIGH
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
CVE-2018-10193 1 Logmein 1 Lastpass 2024-11-21 5.0 MEDIUM 7.5 HIGH
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.
CVE-2018-10070 1 Mikrotik 2 Router, Router Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.
CVE-2018-1000893 1 Bitcoinsv 1 Bitcoin Sv 2024-11-21 5.0 MEDIUM 7.5 HIGH
Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions.
CVE-2018-1000892 1 Bitcoinsv 1 Bitcoin Sv 2024-11-21 5.0 MEDIUM 7.5 HIGH
Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages.
CVE-2018-1000891 1 Bitcoinsv 1 Bitcoin Sv 2024-11-21 5.0 MEDIUM 7.5 HIGH
Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums.
CVE-2018-1000872 1 Pykmip Project 1 Pykmip 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
OpenKMIP PyKMIP, all versions before 0.8.0, contains a CWE-399 (Resource Management Errors) vulnerability, similar to CVE-2015-5262, in the PyKMIP server that can result in denial of service: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appears to be exploitable by a client or clients opening sockets with the server and then never closing them. This vulnerability appears to have been fixed in 0.8.0.
CVE-2018-1000518 1 Websockets Project 1 Websockets 2024-11-21 5.0 MEDIUM 7.5 HIGH
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in servers and clients, unless configured with compression=None, that can result in denial of service by memory exhaustion. This attack appears to be exploitable by sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.
CVE-2018-1000115 4 Canonical, Debian, Memcached and 1 more 4 Ubuntu Linux, Debian Linux, Memcached and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
CVE-2018-0700 1 Hyuki 1 Yukiwiki 2024-11-21 7.8 HIGH 7.5 HIGH
YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition.
CVE-2018-0471 1 Cisco 1 Ios Xe 2024-11-21 6.1 MEDIUM 7.4 HIGH
A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.
CVE-2018-0441 1 Cisco 1 Access Points 2024-11-21 6.1 MEDIUM 7.4 HIGH
A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP.
CVE-2018-0418 1 Cisco 11 Asr 9000v, Asr 9001, Asr 9006 and 8 more 2024-11-21 7.8 HIGH 8.6 HIGH
A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858.