Total
400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14630 | 1 Oracle | 1 Enterprise Session Border Controller | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications Applications (component: File Upload). Supported versions that are affected are 8.1.0, 8.2.0 and 8.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Enterprise Session Border Controller accessible data and unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H). | |||||
| CVE-2020-14537 | 1 Oracle | 1 Solaris | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H). | |||||
| CVE-2020-14307 | 1 Redhat | 5 Amq, Jboss Enterprise Application Platform Continuous Delivery, Jboss Fuse and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. | |||||
| CVE-2020-12758 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. | |||||
| CVE-2020-12439 | 1 Grin | 1 Grin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. | |||||
| CVE-2020-12049 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Dbus | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | |||||
| CVE-2020-10280 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. | |||||
| CVE-2019-6488 | 1 Gnu | 1 Glibc | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy. | |||||
| CVE-2019-6163 | 1 Lenovo | 24 B Series, C100, C200 and 21 more | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. | |||||
| CVE-2019-5636 | 1 Beckhoff | 1 Twincat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior). | |||||
| CVE-2019-5607 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail. | |||||
| CVE-2019-5603 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users. | |||||
| CVE-2019-25104 | 1 Rtcwcoop | 1 Rtcwcoop | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The name of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability. | |||||
| CVE-2019-1705 | 1 Cisco | 9 Adaptive Security Appliance Software, Asa 5506-x, Asa 5506h-x and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. | |||||
| CVE-2019-19886 | 1 Trustwave | 1 Modsecurity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. | |||||
| CVE-2019-19343 | 2 Netapp, Redhat | 4 Active Iq Unified Manager, Jboss-remoting, Jboss Enterprise Application Platform and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. | |||||
| CVE-2019-19331 | 2 Debian, Nic | 2 Debian Linux, Knot Resolver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB). | |||||
| CVE-2019-15302 | 1 Xwiki | 1 Cryptpad | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification. | |||||
| CVE-2019-15262 | 1 Cisco | 4 5508 Wireless Lan Controller, 5508 Wireless Lan Controller Firmware, 5520 Wireless Lan Controller and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly opening SSH connections to an affected device. A successful exploit could allow the attacker to exhaust system resources by initiating multiple SSH connections to the device that are not effectively terminated, which could result in a DoS condition. | |||||
| CVE-2019-12625 | 1 Clamav | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | |||||