CVE & Exploit Intelligence Database

CVE-2018-0471 7.4 HIGH EPSS 0.00

A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.

CWE-772 Oct 05, 2018

CVE-2018-0421 8.6 HIGH EPSS 0.01

A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained.

CWE-399 Oct 05, 2018

CVE-2018-17967 6.5 MEDIUM EPSS 0.00

ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.

CWE-772 Oct 03, 2018

CVE-2018-17966 6.5 MEDIUM EPSS 0.00

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.

CWE-772 Oct 03, 2018

CVE-2018-17965 6.5 MEDIUM EPSS 0.00

ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.

CWE-772 Oct 03, 2018

CVE-2018-17437 6.5 MEDIUM 1 Writeup EPSS 0.00

Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

CWE-772 Sep 24, 2018

CVE-2018-17332 7.5 HIGH EPSS 0.00

An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.

CWE-772 Sep 22, 2018

CVE-2018-17234 6.5 MEDIUM 1 Writeup EPSS 0.00

Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

CWE-772 Sep 20, 2018

CVE-2018-3658 5.3 MEDIUM EPSS 0.01

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

CWE-772 Sep 12, 2018

CVE-2018-16807 7.5 HIGH 1 Writeup EPSS 0.00

In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser.

CWE-772 Sep 11, 2018

CVE-2018-16750 6.5 MEDIUM EPSS 0.00

In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.

CWE-772 Sep 09, 2018

CVE-2018-16641 6.5 MEDIUM 1 Writeup EPSS 0.00

ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c.

CWE-772 Sep 06, 2018

CVE-2018-16640 6.5 MEDIUM 1 Writeup EPSS 0.00

ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.

CWE-772 Sep 06, 2018

CVE-2018-16548 6.5 MEDIUM EPSS 0.00

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

CWE-772 Sep 05, 2018

CVE-2018-6554 5.5 MEDIUM EPSS 0.00

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.

CWE-772 Sep 04, 2018

CVE-2018-10924 5.3 MEDIUM EPSS 0.01

It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.

CWE-772 Sep 04, 2018

CVE-2018-1999043 7.5 HIGH EPSS 0.00

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.

CWE-772 Aug 23, 2018

CVE-2018-1000215 7.5 HIGH EPSS 0.00

Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7.

CWE-772 Aug 20, 2018

CVE-2018-7994 7.5 HIGH EPSS 0.00

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.

CWE-772 Jul 31, 2018

CVE-2018-5536 7.5 HIGH EPSS 0.01

A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.

CWE-772 Jul 25, 2018