Total
3395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-4100 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. | ||||
| CVE-2018-3979 | 2 Canonical, Nvidia | 33 Ubuntu Linux, Geforce Gtx 745, Geforce Gtx 745 Firmware and 30 more | 2024-11-21 | 6.5 Medium |
| A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload). | ||||
| CVE-2018-3935 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 7.5 High |
| An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. | ||||
| CVE-2018-3767 | 1 Memcachier | 1 Memjs | 2024-11-21 | N/A |
| `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | ||||
| CVE-2018-3739 | 1 Https-proxy-agent Project | 1 Https-proxy-agent | 2024-11-21 | N/A |
| https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON). | ||||
| CVE-2018-3737 | 2 Joyent, Redhat | 2 Sshpk, Rhel Software Collections | 2024-11-21 | 7.5 High |
| sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. | ||||
| CVE-2018-21270 | 2 Nodejs, Redhat | 2 Node.js, Quay | 2024-11-21 | 6.5 Medium |
| Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). | ||||
| CVE-2018-21250 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. | ||||
| CVE-2018-21240 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | ||||
| CVE-2018-21238 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | ||||
| CVE-2018-21035 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-11-21 | 7.5 High |
| In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | ||||
| CVE-2018-20961 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
| In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. | ||||
| CVE-2018-20699 | 2 Docker, Redhat | 3 Engine, Enterprise Linux Server, Rhel Extras Other | 2024-11-21 | N/A |
| Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | ||||
| CVE-2018-20657 | 3 F5, Gnu, Redhat | 3 Traffix Signaling Delivery Controller, Binutils, Enterprise Linux | 2024-11-21 | N/A |
| The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | ||||
| CVE-2018-20584 | 3 Debian, Jasper Project, Oracle | 3 Debian Linux, Jasper, Outside In Technology | 2024-11-21 | 6.5 Medium |
| JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | ||||
| CVE-2018-20574 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2024-11-21 | N/A |
| The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | ||||
| CVE-2018-20573 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2024-11-21 | N/A |
| The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | ||||
| CVE-2018-20543 | 1 Libxsmm Project | 1 Libxsmm | 2024-11-21 | N/A |
| There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. | ||||
| CVE-2018-20502 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A |
| An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp. | ||||
| CVE-2018-20406 | 4 Debian, Fedoraproject, Python and 1 more | 4 Debian Linux, Fedora, Python and 1 more | 2024-11-21 | N/A |
| Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | ||||