Total
493 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-0060 | 1 Juniper | 25 Csrx, Junos, Srx100 and 22 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series. | |||||
CVE-2019-15894 | 1 Espressif | 1 Esp-idf | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled. | |||||
CVE-2011-2336 | 1 Google | 1 Blink | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. | |||||
CVE-2019-16930 | 1 Z.cash | 1 Zcash | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party. | |||||
CVE-2019-0143 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
CVE-2019-16901 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | |||||
CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-14853 | 1 Python-ecdsa Project | 1 Python-ecdsa | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. | |||||
CVE-2019-1313 | 1 Microsoft | 1 Sql Server Management Studio | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376. | |||||
CVE-2020-5403 | 1 Pivotal | 1 Reactor Netty | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. | |||||
CVE-2019-0051 | 1 Juniper | 4 Junos, Srx5400, Srx5600 and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2. | |||||
CVE-2019-17195 | 3 Apache, Connect2id, Oracle | 15 Hadoop, Nimbus Jose\+jwt, Communications Cloud Native Core Security Edge Protection Proxy and 12 more | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | |||||
CVE-2020-10101 | 1 Zammad | 1 Zammad | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process. | |||||
CVE-2019-6844 | 1 Schneider-electric | 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. | |||||
CVE-2020-2583 | 7 Canonical, Debian, Mcafee and 4 more | 24 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 21 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2019-6841 | 1 Schneider-electric | 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol. | |||||
CVE-2019-13683 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2011-4625 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | |||||
CVE-2019-0203 | 1 Apache | 1 Subversion | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. | |||||
CVE-2019-11177 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. |