Vulnerabilities (CVE)

Filtered by CWE-670
Total 87 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20430 1 Lustre 1 Lustre 2024-02-28 7.8 HIGH 7.5 HIGH
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.
CVE-2019-9946 3 Cncf, Kubernetes, Netapp 3 Portmap, Kubernetes, Cloud Insights 2024-02-28 5.0 MEDIUM 7.5 HIGH
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.
CVE-2019-11412 2 Artifex, Fedoraproject 2 Mujs, Fedora 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.
CVE-2018-19058 4 Canonical, Debian, Freedesktop and 1 more 6 Ubuntu Linux, Debian Linux, Poppler and 3 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
CVE-2018-19212 1 Webmproject 1 Libwebm 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.
CVE-2018-16766 1 Webassembly Virtual Machine Project 1 Webassembly Virtual Machine 2024-02-28 6.8 MEDIUM 8.8 HIGH
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.
CVE-2017-0604 1 Google 1 Android 2024-02-28 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.