Total
882 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3711 | 1 Fastify | 1 Fastify | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. | |||||
| CVE-2018-21035 | 1 Qt | 1 Qt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | |||||
| CVE-2018-20659 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls. | |||||
| CVE-2018-20652 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception. | |||||
| CVE-2018-20421 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }" followed by a "c[0xC800000] = 0xFF" assignment. | |||||
| CVE-2018-20095 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls. | |||||
| CVE-2018-20033 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated. | |||||
| CVE-2018-1779 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802. | |||||
| CVE-2018-1647 | 1 Ibm | 1 Qradar Incident Forensics | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650. | |||||
| CVE-2018-1274 | 1 Pivotal Software | 2 Spring Data Commons, Spring Data Rest | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption). | |||||
| CVE-2018-16865 | 5 Canonical, Debian, Oracle and 2 more | 11 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. | |||||
| CVE-2018-16864 | 5 Canonical, Debian, Oracle and 2 more | 11 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. | |||||
| CVE-2018-16846 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. | |||||
| CVE-2018-16645 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. | |||||
| CVE-2018-15462 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device. | |||||
| CVE-2018-15460 | 1 Cisco | 2 Asyncos, Email Security Appliance | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages. | |||||
| CVE-2018-15458 | 1 Cisco | 1 Firepower Management Center | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable. | |||||
| CVE-2018-15404 | 1 Cisco | 2 Integrated Management Controller Supervisor, Unified Computing System Director | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient restrictions on the size or total amount of resources allowed via the web interface. An attacker who has valid credentials for the application could exploit this vulnerability by sending a crafted or malformed HTTP request to the web interface. A successful exploit could allow the attacker to cause oversubscription of system resources or cause a component to become unresponsive, resulting in a DoS condition. | |||||
| CVE-2018-15399 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | 7.1 HIGH | 6.8 MEDIUM |
| A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS. | |||||
| CVE-2018-15383 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition. | |||||