
1880 matches found

OSV
added 2018/11/07 2:29 p.m. | 1 views

DEBIAN-CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

7.5 CVSS | 6.5 AI score | 0.57804 EPSS
Exploits 0 | References 1
Nginx
added 2018/11/07 2:0 p.m. | 606 views

Excessive memory usage in HTTP/2

Excessive memory usage in HTTP/2 Severity: low CVE-2018-16843 Not vulnerable: 1.15.6+, 1.14.1+ Vulnerable: 1.9.5-1.15.5...

7.8 CVSS | 2.7 AI score | 0.57804 EPSS
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2018/10/31 12:0 a.m. | 28 views

openSUSE Security Update : xen (openSUSE-2018-1331) (Foreshadow)

This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519) - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact...

9.8 CVSS | 7.5 AI score | 0.02527 EPSS
Exploits 0 | References 14
OSV
added 2018/10/26 11:9 a.m. | 8 views

SUSE-SU-2018:3490-1 Security update for xen

This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519) - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact...

9.8 CVSS | 7.7 AI score | 0.02527 EPSS
Exploits 0 | References 15
OSV
added 2018/10/17 4:19 p.m. | 0 views

GHSA-45XM-V8GQ-7JQX Excessive memory allocation

In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the...

6.5 CVSS | 6.8 AI score | 0.01294 EPSS
Exploits 0 | References 19
CNVD
added 2018/09/26 12:0 a.m. | 2 views

Python Denial of Service Vulnerability (CNVD-2018-20081)

Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. There is a security vulnerability in Python. An attacker can exploit this vulnerability with the help of ...

7.5 CVSS | 6.6 AI score | 0.01247 EPSS
Exploits 0 | References 1
OpenVAS
added 2018/08/31 12:0 a.m. | 57 views

Akka HTTP 10.0.x, 10.1.x Denial of Service vulnerability

Akka HTTP is prone to a Denial of Service vulnerability.

7.8 CVSS | 7.5 AI score | 0.01343 EPSS
Exploits 0 | References 2
OPENSUSE Linux
added 2018/08/24 12:8 p.m. | 60 views

Security update for python-Django (moderate)

This update for python-Django to version 2.08 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed a redirection vulnerability in CommonMiddleware (boo#1102680) The following other bugs were fixed: - Fixed a regression in Django 2.0.7 that broke the...

1.9 AI score | 0.0748 EPSS
Exploits 0 | References 1
Github Security Blog
added 2018/08/23 7:10 p.m. | 36 views

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in incorrect encoding. Th...

7.5 CVSS | 7.4 AI score | 0.00644 EPSS
Exploits 1 | References 9 | Affected Software 1
NVD
added 2018/08/20 7:31 p.m. | 18 views

CVE-2018-1000656

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in incorrect encoding. Th...

7.5 CVSS | 7.5 AI score | 0.00644 EPSS
Exploits 1 | References 5
OSV
added 2018/08/20 7:31 p.m. | 27 views

CVE-2018-1000656

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in incorrect encoding. Th...

7.5 CVSS | 7.5 AI score
Exploits 0 | References 5
PyPA
added 2018/08/20 7:31 p.m. | 4 views

PYSEC-2018-66

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in incorrect encoding. Th...

7.5 CVSS | 6.9 AI score | 0.00644 EPSS
Exploits 1 | References 6 | Affected Software 1
Prion
added 2018/08/20 7:31 p.m. | 16 views

Input validation

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in incorrect encoding. Th...

5 CVSS | 7.4 AI score | 0.00644 EPSS
Exploits 1 | References 5 | Affected Software 1
OSV
added 2018/08/20 7:31 p.m. | 17 views

PYSEC-2018-53

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in incorrect encoding. Th...

6.8 AI score
Exploits 0 | References 5
UbuntuCve
added 2018/08/20 7:31 p.m. | 31 views

CVE-2018-1000656

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in incorrect encoding. Th...

7.5 CVSS | 6.7 AI score | 0.00644 EPSS
Exploits 1 | References 3
Cvelist
added 2018/08/20 7:0 p.m. | 18 views

CVE-2018-1000656

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in incorrect encoding. Th...

7.5 AI score | 0.00644 EPSS
Exploits 1 | References 5
CVE
added 2018/08/20 7:0 p.m. | 396 views

CVE-2018-1000656

Summary (CVE-2018-1000656) The Flask component of the Pallets Project (Python) prior to 0.12.3 contains a CWE-20 Improper Input Validation vulnerability that can cause excessive memory usage, potentially leading to denial of service. The documented attack vector involves attackers sending JSON da...

7.5 CVSS | 7.4 AI score | 0.00644 EPSS
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2018/08/20 11:19 a.m. | 31 views

CVE-2018-15470

An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of subexpressions is not...

6.5 CVSS | 0.5 AI score | 0.00182 EPSS
Exploits 0 | References 2
UbuntuCve
added 2018/08/17 6:29 p.m. | 28 views

CVE-2018-15470

An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of subexpressions is not...

6.5 CVSS | 6.9 AI score | 0.00182 EPSS
Exploits 0 | References 2
OSV
added 2018/08/17 6:29 p.m. | 28 views

CVE-2018-15470

An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of subexpressions is not...

6.5 CVSS | 6.4 AI score
Exploits 0 | References 3