Total
2495 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17145 | 7 Bcoin, Bitcoin, Bitcoinknots and 4 more | 7 Bcoin, Bitcoin Core, Bitcoin Knots and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15. | |||||
| CVE-2018-16949 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. | |||||
| CVE-2018-16878 | 6 Canonical, Clusterlabs, Debian and 3 more | 9 Ubuntu Linux, Pacemaker, Debian Linux and 6 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS | |||||
| CVE-2018-16853 | 1 Samba | 1 Samba | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command. | |||||
| CVE-2018-16848 | 1 Redhat | 1 Openstack-mistral | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. | |||||
| CVE-2018-16845 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. | |||||
| CVE-2018-16844 | 4 Apple, Canonical, Debian and 1 more | 4 Xcode, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | |||||
| CVE-2018-16843 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | |||||
| CVE-2018-16492 | 1 Extend Project | 1 Extend | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16491 | 1 Dreamerslab | 1 Node.extend | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16490 | 1 Mpath Project | 1 Mpath | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | |||||
| CVE-2018-16489 | 1 Just-extend Project | 1 Just-extend | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | |||||
| CVE-2018-16487 | 1 Lodash | 1 Lodash | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | |||||
| CVE-2018-16486 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | |||||
| CVE-2018-16472 | 2 Cached-path-relative Project, Debian | 2 Cached-path-relative, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. | |||||
| CVE-2018-16470 | 1 Rack Project | 1 Rack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. | |||||
| CVE-2018-16469 | 1 Merge Project | 1 Merge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack. | |||||
| CVE-2018-16310 | 1 Technicolor | 2 Tg588v, Tg588v Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions | |||||
| CVE-2018-16132 | 1 Signal | 1 Signal | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device. | |||||
| CVE-2018-16131 | 1 Lightbend | 1 Akka Http | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb. | |||||