Total
2242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11387 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. | |||||
| CVE-2019-10948 | 1 Fujifilm | 6 Cr-ir 357 Fcr Capsula X, Cr-ir 357 Fcr Capsula X Firmware, Cr-ir 357 Fcr Carbon X and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted. | |||||
| CVE-2019-10942 | 1 Siemens | 6 Scalance X-200, Scalance X-200 Firmware, Scalance X-200irt and 3 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. | |||||
| CVE-2019-10936 | 1 Siemens | 130 Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware, Ek-ertec 200 and 127 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. | |||||
| CVE-2019-10923 | 1 Siemens | 78 Cp1604, Cp1604 Firmware, Cp1616 and 75 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. | |||||
| CVE-2019-10775 | 1 Ecstatic Project | 1 Ecstatic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application. | |||||
| CVE-2019-10750 | 1 Deeply Project | 1 Deeply | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload. | |||||
| CVE-2019-10747 | 1 Set-value Project | 1 Set-value | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. | |||||
| CVE-2019-10636 | 1 Marvell | 38 88ss1074, 88ss1074 Firmware, 88ss1079 and 35 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism. | |||||
| CVE-2019-10547 | 1 Qualcomm | 64 Apq8009, Apq8009 Firmware, Apq8053 and 61 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2019-10504 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 | |||||
| CVE-2019-10113 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption. | |||||
| CVE-2019-1010172 | 1 Jsish | 1 Jsish | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39. | |||||
| CVE-2019-0820 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. | |||||
| CVE-2019-0199 | 1 Apache | 1 Tomcat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. | |||||
| CVE-2019-0046 | 1 Juniper | 1 Junos | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service. Continued receipt of these valid broadcast packets will create a sustained Denial of Service (DoS) against the device. Affected releases are Juniper Networks Junos OS: 16.1 versions above and including 16.1R1 prior to 16.1R7-S5; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. | |||||
| CVE-2019-0033 | 1 Juniper | 14 Junos, Srx100, Srx110 and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series. | |||||
| CVE-2019-0012 | 1 Juniper | 1 Junos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3. | |||||
| CVE-2018-8854 | 1 Philips | 1 E-alert Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended. | |||||
| CVE-2018-8777 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). | |||||