Total
1928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12140 | 1 Imagemagick | 1 Imagemagick | 2020-09-08 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. | |||||
| CVE-2017-1000476 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-09-08 | 7.1 HIGH | 6.5 MEDIUM |
| ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. | |||||
| CVE-2018-15377 | 1 Cisco | 1 Ios | 2020-08-31 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload. | |||||
| CVE-2018-0418 | 1 Cisco | 11 Asr 9000v, Asr 9001, Asr 9006 and 8 more | 2020-08-31 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. | |||||
| CVE-2020-14522 | 1 Softing | 1 Opc | 2020-08-28 | 5.0 MEDIUM | 7.5 HIGH |
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2019-15549 | 1 Asn1 Der Project | 1 Asn1 Der | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field. | |||||
| CVE-2019-11890 | 1 Sony | 2 Bravia, Bravia Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. | |||||
| CVE-2019-6015 | 1 Fon | 8 Fon2601e-fsw-b, Fon2601e-fsw-b Firmware, Fon2601e-fsw-s and 5 more | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities. | |||||
| CVE-2019-9220 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-13009 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. | |||||
| CVE-2019-10636 | 1 Marvell | 38 88ss1074, 88ss1074 Firmware, 88ss1079 and 35 more | 2020-08-24 | 4.9 MEDIUM | 4.6 MEDIUM |
| Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism. | |||||
| CVE-2019-13011 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity. | |||||
| CVE-2018-18960 | 1 Epson | 2 Epson Workforce Wf-2861, Epson Workforce Wf-2861 Firmware | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. | |||||
| CVE-2012-0024 | 1 Maradns | 1 Maradns | 2020-08-19 | 7.8 HIGH | N/A |
| MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. | |||||
| CVE-2020-13280 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | |||||
| CVE-2020-9481 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. | |||||
| CVE-2011-4082 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | |||||
| CVE-2012-1572 | 2 Debian, Openstack | 2 Debian Linux, Keystone | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |||||
| CVE-2014-7970 | 3 Canonical, Linux, Novell | 3 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Server | 2020-08-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. | |||||
| CVE-2014-1500 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2020-08-14 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. | |||||