Total
1153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16770 | 2 Debian, Puma | 2 Debian Linux, Puma | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2. | |||||
| CVE-2019-15753 | 1 Openstack | 1 Os-vif | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. | |||||
| CVE-2019-15736 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. | |||||
| CVE-2019-15722 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | |||||
| CVE-2019-15593 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. | |||||
| CVE-2019-15544 | 2 Apache, Rust-protobuf Project | 2 Hbase, Rust-protobuf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. | |||||
| CVE-2019-15234 | 1 Ushareit | 1 Shareit | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941. | |||||
| CVE-2019-15225 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993. | |||||
| CVE-2019-15165 | 7 Apple, Canonical, Debian and 4 more | 11 Ipados, Iphone Os, Mac Os X and 8 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | |||||
| CVE-2019-14958 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. | |||||
| CVE-2019-14941 | 1 Ushareit | 1 Shareit | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. | |||||
| CVE-2019-14834 | 2 Fedoraproject, Thekelleys | 2 Fedora, Dnsmasq | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. | |||||
| CVE-2019-13960 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes | |||||
| CVE-2019-13954 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected. | |||||
| CVE-2019-13112 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | |||||
| CVE-2019-13074 | 1 Mikrotik | 26 Ccr1009-7g-1c-1s\+, Ccr1009-7g-1c-1s\+pc, Ccr1009-7g-1c-pc and 23 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management. | |||||
| CVE-2019-12940 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. | |||||
| CVE-2019-12714 | 1 Cisco | 2 Ic3000 Industrial Compute Gateway, Ic3000 Industrial Compute Gateway Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages system resources. An attacker could exploit this vulnerability by opening a large number of simultaneous sessions on the web-based management interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition of the web-based management interface, preventing normal management operations. | |||||
| CVE-2019-12611 | 1 Bitdefender | 2 Box, Box Firmware | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot. | |||||
| CVE-2019-12406 | 2 Apache, Oracle | 4 Cxf, Commerce Guided Search, Flexcube Private Banking and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". | |||||