Total
1574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0212 | 1 Apache | 1 Qpid-cpp | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors | |||||
| CVE-2012-5645 | 2 Fedoraproject, Freeciv | 2 Fedora, Freeciv | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. | |||||
| CVE-2019-16022 | 1 Cisco | 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2019-14867 | 2 Fedoraproject, Freeipa | 2 Fedora, Freeipa | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server. | |||||
| CVE-2019-20146 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-6015 | 1 Fon | 8 Fon2601e-fsw-b, Fon2601e-fsw-b Firmware, Fon2601e-fsw-s and 5 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities. | |||||
| CVE-2019-16671 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption. | |||||
| CVE-2019-20176 | 2 Fedoraproject, Pureftpd | 2 Fedora, Pure-ftpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. | |||||
| CVE-2019-14901 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. | |||||
| CVE-2018-19157 | 1 Phore | 1 Phore | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
| CVE-2019-13011 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity. | |||||
| CVE-2019-5149 | 1 Wago | 4 Pfc100, Pfc100 Firmware, Pfc200 and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). | |||||
| CVE-2019-13007 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2018-19156 | 1 Pivx | 1 Pivx | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
| CVE-2017-12805 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. | |||||
| CVE-2019-5445 | 1 Ui | 12 Edgeswitch Firmware, Ep-s16., Es-12f and 9 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands. | |||||
| CVE-2019-0820 | 2 Microsoft, Redhat | 14 .net Core, .net Framework, Windows 10 and 11 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. | |||||
| CVE-2019-10636 | 1 Marvell | 38 88ss1074, 88ss1074 Firmware, 88ss1079 and 35 more | 2024-02-28 | 4.9 MEDIUM | 4.6 MEDIUM |
| Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism. | |||||
| CVE-2017-12804 | 1 Entropymine | 1 Imageworsener | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file. | |||||
| CVE-2019-9583 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
| eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15. | |||||