Vulnerabilities (CVE)

Filtered by CWE-755
Total 479 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3558 1 Facebook 1 Thrift 2024-11-21 5.0 MEDIUM 7.5 HIGH
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
CVE-2019-3552 1 Facebook 1 Thrift 2024-11-21 5.0 MEDIUM 7.5 HIGH
C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
CVE-2019-25043 1 Trustwave 1 Modsecurity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
CVE-2019-20422 1 Linux 1 Linux Kernel 2024-11-21 2.1 LOW 5.5 MEDIUM
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.
CVE-2019-20218 4 Canonical, Debian, Oracle and 1 more 4 Ubuntu Linux, Debian Linux, Mysql Workbench and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
CVE-2019-1858 1 Cisco 140 7000 10-slot, 7000 18-slot, 7000 4-slot and 137 more 2024-11-21 5.0 MEDIUM 8.6 HIGH
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.
CVE-2019-1731 1 Cisco 76 Nexus 3016, Nexus 3048, Nexus 3064 and 73 more 2024-11-21 2.1 LOW 4.4 MEDIUM
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally.
CVE-2019-1691 1 Cisco 1 Firepower Threat Defense 2024-11-21 5.0 MEDIUM 5.8 MEDIUM
A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handling of the SSL or TLS packet header during the connection establishment. An attacker could exploit this vulnerability by sending a crafted SSL or TLS packet during the connection handshake. An exploit could allow the attacker to cause the SNORT detection engine to unexpectedly restart, resulting in a partial DoS condition while the detection engine restarts. Versions prior to 6.2.3.4 are affected.
CVE-2019-1635 1 Cisco 32 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 and 29 more 2024-11-21 7.8 HIGH 7.5 HIGH
A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.
CVE-2019-1376 1 Microsoft 1 Sql Server Management Studio 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.
CVE-2019-1342 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.
CVE-2019-1313 1 Microsoft 1 Sql Server Management Studio 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376.
CVE-2019-19924 5 Apache, Netapp, Oracle and 2 more 5 Bookkeeper, Cloud Backup, Mysql Workbench and 2 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
CVE-2019-17391 1 Espressif 8 Esp32-d0wd, Esp32-d0wd Firmware, Esp32-d2wd and 5 more 2024-11-21 2.1 LOW 4.6 MEDIUM
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset.
CVE-2019-17195 3 Apache, Connect2id, Oracle 15 Hadoop, Nimbus Jose\+jwt, Communications Cloud Native Core Security Edge Protection Proxy and 12 more 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2019-16930 1 Z.cash 1 Zcash 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.
CVE-2019-16901 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 5.0 MEDIUM 7.5 HIGH
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.
CVE-2019-16866 2 Canonical, Nlnetlabs 2 Ubuntu Linux, Unbound 2024-11-21 5.0 MEDIUM 7.5 HIGH
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVE-2019-16302 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16301 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution.