Vulnerabilities > Apple > Xcode > 10

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-21	CVE-2019-3855	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. network low complexity libssh2 fedoraproject debian netapp redhat opensuse apple oracle CWE-190	8.8
2018-11-07	CVE-2018-16845	nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. local low complexity f5 debian canonical opensuse apple	6.1
2018-11-07	CVE-2018-16844	nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. network low complexity f5 debian canonical apple	7.5
2018-11-07	CVE-2018-16843	nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. network low complexity f5 debian canonical opensuse apple	7.5
2017-07-13	CVE-2017-7529	Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. network low complexity f5 puppet apple	7.5
2016-02-15	CVE-2016-0747	Resource Exhaustion vulnerability in multiple products The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. network low complexity f5 canonical debian opensuse apple CWE-400	5.3
2016-02-15	CVE-2016-0746	Use After Free vulnerability in multiple products Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. network low complexity f5 canonical debian opensuse apple CWE-416 critical	9.8
2016-02-15	CVE-2016-0742	NULL Pointer Dereference vulnerability in multiple products The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. network low complexity f5 canonical debian opensuse apple redhat CWE-476	7.5