Total
2493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6198 | 1 Sandstorm | 1 Sandstorm | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space. | |||||
| CVE-2017-6153 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. | |||||
| CVE-2017-5693 | 1 Intel | 2 Puma, Puma Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic. | |||||
| CVE-2017-3768 | 2 Ibm, Lenova | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. | |||||
| CVE-2017-3144 | 4 Canonical, Debian, Isc and 1 more | 9 Ubuntu Linux, Debian Linux, Dhcp and 6 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. | |||||
| CVE-2017-3140 | 2 Isc, Netapp | 4 Bind, Data Ontap Edge, Element Software and 1 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1. | |||||
| CVE-2017-1794 | 1 Ibm | 1 Tivoli Monitoring | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039. | |||||
| CVE-2017-18299 | 1 Qualcomm | 38 Mdm9206, Mdm9206 Firmware, Mdm9607 and 35 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 | |||||
| CVE-2017-18214 | 2 Momentjs, Tenable | 2 Moment, Nessus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | |||||
| CVE-2017-17290 | 1 Huawei | 4 Te60, Te60 Firmware, Viewpoint 9030 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client. | |||||
| CVE-2017-17166 | 1 Huawei | 12 Dp300, Dp300 Firmware, Secospace Usg6300 and 9 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted. | |||||
| CVE-2017-16138 | 1 Mime Project | 1 Mime | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | |||||
| CVE-2017-16137 | 1 Debug Project | 1 Debug | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue. | |||||
| CVE-2017-16136 | 1 Expressjs | 1 Method-override | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header. | |||||
| CVE-2017-16129 | 1 Superagent Project | 1 Superagent | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to. | |||||
| CVE-2017-16119 | 1 Fresh Project | 1 Fresh | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-16118 | 1 Forwarded Project | 1 Forwarded | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-16117 | 1 Slug Project | 1 Slug | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds. | |||||
| CVE-2017-16116 | 1 String Project | 1 String | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. | |||||
| CVE-2017-16115 | 1 Timespan Project | 1 Timespan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds. | |||||