Total
3388 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6532 | 1 Icinga | 1 Icinga | 2024-11-21 | N/A |
| An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer. | ||||
| CVE-2018-6405 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 6.5 Medium |
| In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. | ||||
| CVE-2018-6389 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. | ||||
| CVE-2018-6352 | 1 Podofo Project | 1 Podofo | 2024-11-21 | N/A |
| In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. | ||||
| CVE-2018-6237 | 2 Linux, Trendmicro | 2 Linux Kernel, Smart Protection Server | 2024-11-21 | N/A |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. | ||||
| CVE-2018-5954 | 1 Phpfreechat | 1 Phpfreechat | 2024-11-21 | N/A |
| phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. | ||||
| CVE-2018-5819 | 3 Debian, Libraw, Redhat | 4 Debian Linux, Libraw, Ansible Tower and 1 more | 2024-11-21 | N/A |
| An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. | ||||
| CVE-2018-5817 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | N/A |
| A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. | ||||
| CVE-2018-5816 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2024-11-21 | N/A |
| An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804). | ||||
| CVE-2018-5815 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2024-11-21 | N/A |
| An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. | ||||
| CVE-2018-5784 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | N/A |
| In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. | ||||
| CVE-2018-5748 | 2 Debian, Redhat | 10 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 7 more | 2024-11-21 | N/A |
| qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | ||||
| CVE-2018-5744 | 1 Isc | 1 Bind | 2024-11-21 | 7.5 High |
| A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. | ||||
| CVE-2018-5742 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2024-11-21 | 7.5 High |
| While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected. | ||||
| CVE-2018-5737 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2024-11-21 | N/A |
| A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1. | ||||
| CVE-2018-5736 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2024-11-21 | N/A |
| An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1. | ||||
| CVE-2018-5541 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | N/A |
| When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. | ||||
| CVE-2018-5530 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more | 2024-11-21 | N/A |
| F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". | ||||
| CVE-2018-5501 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. | ||||
| CVE-2018-5500 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue. | ||||