Vulnerability & Exploit Database

Displaying entries 81 - 90 of 138714 in total

Debian: CVE-2018-16845: nginx -- security update Vulnerability

  • Severity: 4
  • Published: November 06, 2018

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_ht...

Debian: CVE-2018-16844: nginx -- security update Vulnerability

  • Severity: 4
  • Published: November 06, 2018

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Debian: CVE-2018-16843: nginx -- security update Vulnerability

  • Severity: 4
  • Published: November 06, 2018

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Gentoo Linux: CVE-2018-18820: Icecast: Arbitrary code execution Vulnerability

  • Severity: 4
  • Published: November 05, 2018

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

Cisco ASA: CVE-2018-15454: Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability (cisco-sa-20181031-asaftd-sip-dos) Vulnerability

  • Severity: 4
  • Published: November 01, 2018

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The v...