Total
1928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7935 | 1 Phoenix Contact Gmbh | 2 Mguard, Mguard Firmware | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests. | |||||
| CVE-2017-7651 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. | |||||
| CVE-2017-6779 | 1 Cisco | 13 Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment and 10 more | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823. | |||||
| CVE-2017-6632 | 1 Cisco | 1 Firepower Threat Defense | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072. | |||||
| CVE-2017-6043 | 1 Trihedral | 1 Vtscada | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. | |||||
| CVE-2017-3140 | 2 Isc, Netapp | 4 Bind, Data Ontap Edge, Element Software and 1 more | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1. | |||||
| CVE-2017-2348 | 1 Juniper | 1 Junos | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX. | |||||
| CVE-2017-1794 | 1 Ibm | 1 Tivoli Monitoring | 2019-10-09 | 6.0 MEDIUM | 7.5 HIGH |
| IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039. | |||||
| CVE-2017-16138 | 1 Mime Project | 1 Mime | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | |||||
| CVE-2017-16136 | 1 Expressjs | 1 Method-override | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header. | |||||
| CVE-2017-16129 | 1 Superagent Project | 1 Superagent | 2019-10-09 | 7.1 HIGH | 5.9 MEDIUM |
| The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to. | |||||
| CVE-2017-16119 | 1 Fresh Project | 1 Fresh | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-16118 | 1 Forwarded Project | 1 Forwarded | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-16117 | 1 Slug Project | 1 Slug | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds. | |||||
| CVE-2017-16116 | 1 String Project | 1 String | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. | |||||
| CVE-2017-16114 | 1 Marked Project | 1 Marked | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds. | |||||
| CVE-2017-16113 | 1 Parsejson Project | 1 Parsejson | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. | |||||
| CVE-2017-16111 | 1 Content Project | 1 Content | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header. | |||||
| CVE-2017-16099 | 1 No-case Project | 1 No-case | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition. | |||||
| CVE-2017-16098 | 1 Charset Project | 1 Charset | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low. | |||||