Vulnerabilities (CVE)

Filtered by CWE-754
Total 344 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18657 1 Google 1 Android 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017).
CVE-2017-18650 1 Google 1 Android 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017).
CVE-2020-5925 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-02-28 4.3 MEDIUM 7.5 HIGH
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances.
CVE-2020-15658 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-15117 2 Fedoraproject, Symless 2 Fedora, Synergy 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB.
CVE-2020-6385 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVE-2019-11139 3 Debian, Intel, Opensuse 116 Debian Linux, Xeon 3104, Xeon 3104 Firmware and 113 more 2024-02-28 2.1 LOW 6.0 MEDIUM
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
CVE-2019-14607 1 Intel 756 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 753 more 2024-02-28 4.6 MEDIUM 5.3 MEDIUM
Improper conditions check in multiple IntelĀ® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-6856 1 Schneider-electric 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.
CVE-2019-14891 3 Fedoraproject, Kubernetes, Redhat 3 Fedora, Cri-o, Openshift Container Platform 2024-02-28 6.0 MEDIUM 5.0 MEDIUM
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.
CVE-2020-4217 1 Ibm 1 Spectrum Scale 2024-02-28 5.0 MEDIUM 7.5 HIGH
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.
CVE-2019-6857 1 Schneider-electric 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.
CVE-2019-15989 1 Cisco 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more 2024-02-28 5.0 MEDIUM 8.6 HIGH
A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim&rsquo;s BGP network on an existing, valid TCP connection to a BGP peer.
CVE-2019-17257 1 Irfanview 1 Irfanview 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.
CVE-2019-0068 1 Juniper 25 Csrx, Junos, Srx100 and 22 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.
CVE-2019-15900 1 Doas Project 1 Doas 2024-02-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.
CVE-2019-11165 1 Intel 1 Field Programmable Gate Array Software Development Kit For Opencl 2024-02-28 2.1 LOW 5.5 MEDIUM
Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2018-7794 1 Schneider-electric 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.
CVE-2019-15695 2 Opensuse, Tigervnc 2 Leap, Tigervnc 2024-02-28 6.5 MEDIUM 7.2 HIGH
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
CVE-2019-19646 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.