CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1999044 399 DoS 2018-08-23 2018-10-16
4.0
None Remote Low Single system None None Partial
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
2 CVE-2018-1999043 399 DoS 2018-08-23 2018-10-26
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.
3 CVE-2018-1000864 DoS 2018-12-10 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
4 CVE-2018-1000838 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata.
5 CVE-2018-1000837 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.
6 CVE-2018-1000836 DoS 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the Middle or malicious server.
7 CVE-2018-1000835 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
8 CVE-2018-1000834 611 DoS 2018-12-20 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
9 CVE-2018-1000833 DoS Exec Code 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
10 CVE-2018-1000832 DoS Exec Code 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
11 CVE-2018-1000831 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server.
12 CVE-2018-1000830 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
13 CVE-2018-1000829 DoS 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4.
14 CVE-2018-1000828 611 DoS 2018-12-20 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.
15 CVE-2018-1000827 DoS Exec Code 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
16 CVE-2018-1000825 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.
17 CVE-2018-1000824 DoS Exec Code 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
18 CVE-2018-1000823 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
19 CVE-2018-1000822 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed in after commit faa265b.
20 CVE-2018-1000821 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted SMathStudio files. This vulnerability appears to have been fixed in after commit 5c05ac8.
21 CVE-2018-1000820 611 DoS 2018-12-20 2019-01-08
7.5
None Remote Low Not required Partial Partial Partial
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c.
22 CVE-2018-1000808 404 DoS 2018-10-08 2019-01-17
4.3
None Remote Medium Not required None None Partial
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.
23 CVE-2018-1000807 416 DoS Exec Code 2018-10-08 2019-01-17
7.5
None Remote Low Not required Partial Partial Partial
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
24 CVE-2018-1000802 77 DoS 2018-09-18 2018-12-18
7.5
None Remote Low Not required Partial Partial Partial
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
25 CVE-2018-1000656 20 DoS 2018-08-20 2018-10-29
5.0
None Remote Low Not required None None Partial
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3.
26 CVE-2018-1000652 611 DoS 2018-08-20 2018-10-23
7.5
None Remote Low Not required Partial Partial Partial
JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d.
27 CVE-2018-1000651 611 DoS 2018-08-20 2018-11-01
7.5
None Remote Low Not required Partial Partial Partial
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.
28 CVE-2018-1000647 254 DoS 2018-08-20 2018-10-16
5.5
None Remote Low Single system None Partial Partial
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.
29 CVE-2018-1000644 611 DoS 2018-08-20 2018-11-01
7.5
None Remote Low Not required Partial Partial Partial
Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.
30 CVE-2018-1000640 79 DoS XSS 2018-08-20 2018-10-19
4.3
None Remote Medium Not required None Partial None
OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be exploitable via Malicious input passed in GET parameter.
31 CVE-2018-1000637 119 DoS Exec Code Overflow 2018-08-20 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
32 CVE-2018-1000624 284 DoS 2018-12-28 2019-01-11
7.8
None Remote Low Not required None None Complete
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.
33 CVE-2018-1000617 20 DoS 2018-07-09 2018-09-08
5.0
None Remote Low Not required None None Partial
Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack).
34 CVE-2018-1000615 74 DoS 2018-07-09 2018-09-04
5.0
None Remote Low Not required None None Partial
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network..
35 CVE-2018-1000548 611 DoS 2018-06-26 2018-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixed in 14.3.
36 CVE-2018-1000540 611 DoS 2018-06-26 2018-08-20
6.8
None Remote Medium Not required Partial Partial Partial
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file.
37 CVE-2018-1000538 774 DoS 2018-06-26 2018-08-23
5.0
None Remote Low Not required None None Partial
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.
38 CVE-2018-1000526 91 DoS 2018-06-26 2018-08-30
5.0
None Remote Low Not required None None Partial
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26.
39 CVE-2018-1000524 190 DoS Overflow 2018-06-26 2018-08-28
4.3
None Remote Medium Not required None None Partial
miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later.
40 CVE-2018-1000518 400 DoS 2018-06-26 2018-08-30
5.0
None Remote Low Not required None None Partial
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.
41 CVE-2018-1000510 284 DoS CSRF 2018-06-26 2018-08-21
4.0
None Remote Low Single system None None Partial
WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24.
42 CVE-2018-1000301 119 DoS Overflow 2018-05-24 2019-01-16
6.4
None Remote Low Not required Partial None Partial
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
43 CVE-2018-1000300 119 DoS Overflow 2018-05-24 2019-01-16
7.5
None Remote Low Not required Partial Partial Partial
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
44 CVE-2018-1000215 399 DoS 2018-08-20 2018-10-16
5.0
None Remote Low Not required None None Partial
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7.
45 CVE-2018-1000179 476 DoS 2018-05-08 2018-10-21
5.0
None Remote Low Not required None None Partial
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
46 CVE-2018-1000168 20 DoS 2018-05-08 2018-10-31
5.0
None Remote Low Not required None None Partial
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.
47 CVE-2018-1000155 285 DoS 2018-05-24 2018-06-26
7.5
None Remote Low Not required Partial Partial Partial
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
48 CVE-2018-1000153 352 DoS CSRF 2018-04-05 2018-05-15
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection").
49 CVE-2018-1000152 285 DoS 2018-04-05 2018-05-22
6.5
None Remote Low Single system Partial Partial Partial
An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection").
50 CVE-2018-1000122 119 DoS Overflow +Info 2018-03-14 2019-01-16
6.4
None Remote Low Not required Partial None Partial
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
Total number of vulnerabilities : 1852   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.