Total
1255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20699 | 2 Docker, Redhat | 2 Engine, Enterprise Linux Server | 2019-03-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | |||||
| CVE-2018-15469 | 2 Debian, Xen | 2 Debian Linux, Xen | 2019-03-08 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). | |||||
| CVE-2017-15701 | 1 Apache | 1 Qpid Java | 2019-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected. | |||||
| CVE-2018-16949 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2019-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. | |||||
| CVE-2019-9587 | 1 Glyphandcog | 1 Xpdfreader | 2019-03-06 | 6.8 MEDIUM | 7.8 HIGH |
| There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree. | |||||
| CVE-2017-14223 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2019-03-05 | 7.1 HIGH | 6.5 MEDIUM |
| In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | |||||
| CVE-2018-6389 | 1 Wordpress | 1 Wordpress | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. | |||||
| CVE-2019-8909 | 1 Wtcms Project | 1 Wtcms | 2019-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image. | |||||
| CVE-2018-15772 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2019-02-04 | 3.6 LOW | 7.1 HIGH |
| Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI. | |||||
| CVE-2018-20186 | 1 Axiosys | 1 Bento4 | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | |||||
| CVE-2018-20502 | 1 Axiosys | 1 Bento4 | 2019-01-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp. | |||||
| CVE-2016-9310 | 1 Ntp | 1 Ntp | 2019-01-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | |||||
| CVE-2016-7428 | 1 Ntp | 1 Ntp | 2019-01-24 | 3.3 LOW | 4.3 MEDIUM |
| ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. | |||||
| CVE-2016-7427 | 1 Ntp | 1 Ntp | 2019-01-24 | 3.3 LOW | 4.3 MEDIUM |
| The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. | |||||
| CVE-2018-20543 | 1 Libxsmm Project | 1 Libxsmm | 2019-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. | |||||
| CVE-2017-9732 | 1 Secure-endpoints | 1 Kerberised Netcat | 2019-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host. | |||||
| CVE-2018-17159 | 1 Freebsd | 1 Freebsd | 2018-12-31 | 7.8 HIGH | 7.5 HIGH |
| In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation. | |||||
| CVE-2017-6017 | 1 Schneider-electric | 30 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 27 more | 2018-12-24 | 7.8 HIGH | 7.5 HIGH |
| A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. | |||||
| CVE-2018-0700 | 1 Hyuki | 1 Yukiwiki | 2018-12-17 | 7.8 HIGH | 7.5 HIGH |
| YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition. | |||||
| CVE-2018-18853 | 1 Lightbend | 1 Spray-json | 2018-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits. | |||||