Total
2851 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17145 | 7 Bcoin, Bitcoin, Bitcoinknots and 4 more | 7 Bcoin, Bitcoin Core, Bitcoin Knots and 4 more | 2024-08-05 | 7.5 High |
| Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15. | ||||
| CVE-2018-17159 | 1 Freebsd | 1 Freebsd | 2024-08-05 | N/A |
| In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation. | ||||
| CVE-2018-16949 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-08-05 | N/A |
| An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. | ||||
| CVE-2018-16878 | 6 Canonical, Clusterlabs, Debian and 3 more | 9 Ubuntu Linux, Pacemaker, Debian Linux and 6 more | 2024-08-05 | 5.5 Medium |
| A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS | ||||
| CVE-2018-16853 | 1 Samba | 1 Samba | 2024-08-05 | N/A |
| Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command. | ||||
| CVE-2018-16843 | 6 Apple, Canonical, Debian and 3 more | 6 Xcode, Ubuntu Linux, Debian Linux and 3 more | 2024-08-05 | 7.5 High |
| nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | ||||
| CVE-2018-16844 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2024-08-05 | 7.5 High |
| nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | ||||
| CVE-2018-16848 | 1 Redhat | 1 Openstack-mistral | 2024-08-05 | 6.5 Medium |
| A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. | ||||
| CVE-2018-16845 | 6 Apple, Canonical, Debian and 3 more | 6 Xcode, Ubuntu Linux, Debian Linux and 3 more | 2024-08-05 | 6.1 Medium |
| nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. | ||||
| CVE-2018-16750 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-08-05 | 6.5 Medium |
| In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. | ||||
| CVE-2018-16645 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-08-05 | N/A |
| There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. | ||||
| CVE-2018-16548 | 2 Redhat, Zziplib Project | 2 Enterprise Linux, Zziplib | 2024-08-05 | N/A |
| An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. | ||||
| CVE-2018-16490 | 1 Mpath Project | 1 Mpath | 2024-08-05 | N/A |
| A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | ||||
| CVE-2018-16492 | 2 Extend Project, Redhat | 2 Extend, Quay | 2024-08-05 | N/A |
| A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | ||||
| CVE-2018-16472 | 2 Cached-path-relative Project, Debian | 2 Cached-path-relative, Debian Linux | 2024-08-05 | 7.5 High |
| A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. | ||||
| CVE-2018-16486 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-08-05 | N/A |
| A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | ||||
| CVE-2018-16491 | 1 Dreamerslab | 1 Node.extend | 2024-08-05 | N/A |
| A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | ||||
| CVE-2018-16487 | 1 Lodash | 1 Lodash | 2024-08-05 | 5.6 Medium |
| A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | ||||
| CVE-2018-16470 | 2 Rack Project, Redhat | 3 Rack, Satellite, Satellite Capsule | 2024-08-05 | N/A |
| There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. | ||||
| CVE-2018-16489 | 1 Just-extend Project | 1 Just-extend | 2024-08-05 | 9.8 Critical |
| A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | ||||