Total
2334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3935 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. | |||||
| CVE-2018-3767 | 1 Memcachier | 1 Memjs | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | |||||
| CVE-2018-3739 | 1 Https-proxy-agent Project | 1 Https-proxy-agent | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON). | |||||
| CVE-2018-25100 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar. | |||||
| CVE-2018-21250 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. | |||||
| CVE-2018-21240 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | |||||
| CVE-2018-21238 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | |||||
| CVE-2018-20699 | 2 Docker, Redhat | 2 Engine, Enterprise Linux Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | |||||
| CVE-2018-20543 | 1 Libxsmm Project | 1 Libxsmm | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. | |||||
| CVE-2018-20502 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp. | |||||
| CVE-2018-20186 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | |||||
| CVE-2018-20169 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. | |||||
| CVE-2018-20030 | 1 Libexif Project | 1 Libexif | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | |||||
| CVE-2018-1786 | 3 Ibm, Linux, Microsoft | 8 Spectrum Protect, Spectrum Protect For Virtual Environments Data Protection For Hyper-v, Spectrum Protect Manager For Virtual Environments Data Protection For Vmware and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871. | |||||
| CVE-2018-1333 | 4 Apache, Canonical, Netapp and 1 more | 6 Http Server, Ubuntu Linux, Cloud Backup and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). | |||||
| CVE-2018-1277 | 1 Cloudfoundry | 2 Cf-deployment, Garden-runc | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell. | |||||
| CVE-2018-1157 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request. | |||||
| CVE-2018-1114 | 1 Redhat | 3 Undertow, Virtualization, Virtualization Host | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak. | |||||
| CVE-2018-1109 | 1 Braces Project | 1 Braces | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. | |||||
| CVE-2018-1107 | 1 Is-my-json-valid Project | 1 Is-my-json-valid | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated. | |||||