Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-16100 | 1 Gallagher | 1 Command Centre | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | |||||
CVE-2020-5416 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. | |||||
CVE-2020-16233 | 1 Wibu | 1 Codemeter | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. | |||||
CVE-2020-5926 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache. | |||||
CVE-2020-4325 | 1 Ibm | 2 Cloud Pak For Automation, Process Federation Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596. | |||||
CVE-2019-12625 | 1 Clamav | 1 Clamav | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | |||||
CVE-2020-0549 | 5 Canonical, Debian, Fedoraproject and 2 more | 858 Ubuntu Linux, Debian Linux, Fedora and 855 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-15262 | 1 Cisco | 4 5508 Wireless Lan Controller, 5508 Wireless Lan Controller Firmware, 5520 Wireless Lan Controller and 1 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly opening SSH connections to an affected device. A successful exploit could allow the attacker to exhaust system resources by initiating multiple SSH connections to the device that are not effectively terminated, which could result in a DoS condition. | |||||
CVE-2020-7220 | 1 Hashicorp | 1 Vault | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2. | |||||
CVE-2019-5636 | 1 Beckhoff | 1 Twincat | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior). | |||||
CVE-2013-4133 | 2 Debian, Kde | 2 Debian Linux, Kde-workspace | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
kde-workspace before 4.10.5 has a memory leak in plasma desktop | |||||
CVE-2020-1827 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. | |||||
CVE-2020-0548 | 1 Intel | 854 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 851 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2019-19886 | 2 Fedoraproject, Trustwave | 2 Fedora, Modsecurity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. | |||||
CVE-2019-15302 | 1 Xwiki | 1 Cryptpad | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification. | |||||
CVE-2019-5607 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail. | |||||
CVE-2019-6163 | 1 Lenovo | 24 B Series, C100, C200 and 21 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. | |||||
CVE-2019-5603 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users. | |||||
CVE-2019-1705 | 1 Cisco | 9 Adaptive Security Appliance Software, Asa 5506-x, Asa 5506h-x and 6 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. | |||||
CVE-2018-8406 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405. |