Lucene search
K

59 matches found

OSV
OSV
added 2018/10/31 5:29 a.m.18 views

CVE-2018-18853

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...

7.5CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2018/10/31 5:29 a.m.22 views

CVE-2018-18854

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of many JSON object fields with keys that have the same hash code...

7.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2018/10/31 5:29 a.m.14 views

Code injection

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...

5CVSS7.4AI score0.01897EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/10/31 5:0 a.m.91 views

CVE-2018-18853

Lightbend Spray spray-json up to 1.3.4 is affected. The vulnerability is a DoS caused by Algorithmic Complexity during parsing of a field with many decimal digits, allowing remote exploitation over the network with no authentication. Impact is resource consumption/availability degradation; CVSS d...

7.5CVSS7.3AI score0.01897EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/10/31 5:0 a.m.73 views

CVE-2018-18854

Lightbend Spray spray-json (up to version 1.3.4) is vulnerable to denial of service via Algorithmic Complexity when parsing many JSON object fields with colliding hash codes. Remote attacker could exhaust resources. Documents consistently describe the issue but do not provide official remediation...

7.5CVSS7.3AI score0.01897EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/31 5:0 a.m.25 views

CVE-2018-18854

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of many JSON object fields with keys that have the same hash code...

7.4AI score0.01897EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/10/31 5:0 a.m.20 views

CVE-2018-18853

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...

7.4AI score0.01897EPSS
Exploits1References1
OSV
OSV
added 2018/10/22 8:37 p.m.2 views

GHSA-9QGC-P27W-3HJG High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service memory consumption and daemon crash via a ZIP bomb...

7.5CVSS7.1AI score0.03054EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2018/10/22 8:37 p.m.26 views

High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service memory consumption and daemon crash via a ZIP bomb...

7.8CVSS5.1AI score0.03054EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2018/08/30 1:29 p.m.14 views

CVE-2018-16131

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service memory consumption and daemon crash via a ZIP bomb...

7.5CVSS6.8AI score
Exploits0References4
Prion
Prion
added 2018/08/30 1:29 p.m.15 views

Design/Logic Flaw

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service memory consumption and daemon crash via a ZIP bomb...

7.8CVSS7.3AI score0.03054EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/08/30 1:29 p.m.21 views

CVE-2018-16131

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service memory consumption and daemon crash via a ZIP bomb...

7.8CVSS7.4AI score0.03054EPSS
Exploits0References4
CVE
CVE
added 2018/08/30 1:0 p.m.81 views

CVE-2018-16131

The CVE-2018-16131 issue affects Lightbend Akka HTTP, specifically the decodeRequest and decodeRequestWith directives in Akka HTTP 10.0.x (up to 10.0.13) and 10.1.x (up to 10.1.4). The root cause is that these directives allow decompression of unbounded input, enabling a ZIP bomb to cause a denia...

7.8CVSS7.2AI score0.03054EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2018/08/30 1:0 p.m.18 views

CVE-2018-16131

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service memory consumption and daemon crash via a ZIP bomb...

7.3AI score0.03054EPSS
Exploits0References4
OSV
OSV
added 2018/08/29 10:29 p.m.13 views

CVE-2018-16115

Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...

9.1CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2018/08/29 10:29 p.m.21 views

Design/Logic Flaw

Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...

6.4CVSS8.9AI score0.01186EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/08/29 10:29 p.m.18 views

CVE-2018-16115

Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...

9.1CVSS9AI score0.01186EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/08/29 10:0 p.m.27 views

CVE-2018-16115

Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...

9.1AI score0.01186EPSS
Exploits0References1
CVE
CVE
added 2018/08/29 10:0 p.m.89 views

CVE-2018-16115

CVE-2018-16115 affects Lightbend Akka 2.5.x prior to 2.5.16, where an RNG bug in AES128CounterSecureRNG/AES256CounterSecureRNG used in Akka Remoting (TLS for classic and Artery) can cause repeated random numbers. This enables an attacker to eavesdrop, replay, or modify messages in Akka Remoting/C...

9.1CVSS8.9AI score0.01186EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder