Total
1574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16020 | 1 Cisco | 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2019-16018 | 1 Cisco | 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2019-9674 | 3 Canonical, Netapp, Python | 3 Ubuntu Linux, Active Iq Unified Manager, Python | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | |||||
| CVE-2014-3447 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability | |||||
| CVE-2011-4082 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | |||||
| CVE-2020-8123 | 1 Strapi | 1 Strapi | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. | |||||
| CVE-2012-6083 | 1 Freeciv | 1 Freeciv | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet. | |||||
| CVE-2012-5365 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | |||||
| CVE-2013-3691 | 1 Ovislink | 2 Airlive Poe2600hd, Airlive Poe2600hd Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. | |||||
| CVE-2019-15584 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. | |||||
| CVE-2020-9369 | 3 Debian, Fedoraproject, Sympa | 3 Debian Linux, Fedora, Sympa | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. | |||||
| CVE-2019-10775 | 1 Ecstatic Project | 1 Ecstatic | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application. | |||||
| CVE-2012-0810 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention. | |||||
| CVE-2020-7212 | 1 Python | 1 Urllib3 | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2). | |||||
| CVE-2016-1544 | 2 Fedoraproject, Nghttp2 | 2 Fedora, Nghttp2 | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | |||||
| CVE-2014-3211 | 1 Publify Project | 1 Publify | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Publify before 8.0.1 is vulnerable to a Denial of Service attack | |||||
| CVE-2020-1700 | 4 Canonical, Ceph, Opensuse and 1 more | 4 Ubuntu Linux, Ceph, Leap and 1 more | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. | |||||
| CVE-2012-5362 | 1 Microsoft | 4 Windows 7, Windows Server 2003, Windows Vista and 1 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669. | |||||
| CVE-2019-16555 | 1 Jenkins | 1 Build Failure Analyzer | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. | |||||
| CVE-2019-12420 | 2 Apache, Debian | 2 Spamassassin, Debian Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. | |||||