Total
1928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1114 | 1 Redhat | 3 Undertow, Virtualization, Virtualization Host | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak. | |||||
| CVE-2018-17898 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable. | |||||
| CVE-2018-16853 | 1 Samba | 1 Samba | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command. | |||||
| CVE-2018-16492 | 1 Extend Project | 1 Extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16491 | 1 Dreamerslab | 1 Node.extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16490 | 1 Mpath Project | 1 Mpath | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16489 | 1 Just-extend Project | 1 Just-extend | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | |||||
| CVE-2018-16486 | 1 Defaults-deep Project | 1 Defaults-deep | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | |||||
| CVE-2018-16469 | 1 Merge Project | 1 Merge | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack. | |||||
| CVE-2018-15464 | 1 Cisco | 1 Asr 900 Series Software | 2019-10-09 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition. | |||||
| CVE-2018-15443 | 1 Cisco | 1 Firepower System Software | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network. | |||||
| CVE-2018-15396 | 1 Cisco | 1 Unity Connection | 2019-10-09 | 4.0 MEDIUM | 6.8 MEDIUM |
| A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. | |||||
| CVE-2018-14827 | 1 Rockwellautomation | 1 Rslinx | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality. | |||||
| CVE-2018-14648 | 3 Debian, Fedoraproject, Redhat | 3 Debian Linux, 389 Directory Server, Enterprise Linux | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. | |||||
| CVE-2018-14638 | 2 Fedoraproject, Redhat | 7 389 Directory Server, Enterprise Linux Aus, Enterprise Linux Desktop and 4 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. | |||||
| CVE-2018-14629 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. | |||||
| CVE-2018-14626 | 1 Powerdns | 2 Authoritative, Recursor | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. | |||||
| CVE-2018-13994 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. | |||||
| CVE-2018-13815 | 1 Siemens | 4 Simatic S7-1200, Simatic S7-1200 Firmware, Simatic S7-1500 and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2018-13296 | 1 Synology | 1 Mailplus Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. | |||||