Total
1574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8492 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | |||||
CVE-2012-0049 | 3 Debian, Fedoraproject, Openttd | 3 Debian Linux, Fedora, Openttd | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | |||||
CVE-2019-15961 | 4 Canonical, Cisco, Clamav and 1 more | 4 Ubuntu Linux, Email Security Appliance Firmware, Clamav and 1 more | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. | |||||
CVE-2019-13555 | 1 Mitsubishielectric | 20 L02\/06\/26cpu, L02\/06\/26cpu-cm, L02\/06\/26cpu-cm Firmware and 17 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. | |||||
CVE-2012-5366 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | |||||
CVE-2019-19922 | 5 Canonical, Debian, Linux and 2 more | 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) | |||||
CVE-2018-19163 | 1 Stratisplatform | 1 Stratisx | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
CVE-2012-1572 | 2 Debian, Openstack | 2 Debian Linux, Keystone | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |||||
CVE-2019-13921 | 1 Siemens | 1 Simatic Winac Rtx \(f\) 2010 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software. | |||||
CVE-2015-4411 | 2 Fedoraproject, Mongodb | 2 Fedora, Bson | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | |||||
CVE-2019-13009 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. | |||||
CVE-2019-12659 | 1 Cisco | 2 Cbr-8 Converged Broadband Router, Ios Xe | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. | |||||
CVE-2012-4863 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability | |||||
CVE-2018-19161 | 1 Alqo | 1 Alqo | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
CVE-2018-19151 | 1 Qtum | 1 Qtum | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | |||||
CVE-2018-19165 | 1 Nebl | 1 Neblio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
CVE-2020-3168 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2024-02-28 | 7.1 HIGH | 7.5 HIGH |
A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. | |||||
CVE-2013-4120 | 1 Theforeman | 1 Katello | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Katello has a Denial of Service vulnerability in API OAuth authentication | |||||
CVE-2018-19155 | 1 Navcoin | 1 Navcoin | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | |||||
CVE-2020-8992 | 4 Canonical, Linux, Netapp and 1 more | 11 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 8 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. |