Total
517 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0272 | 1 Cisco | 1 Firepower | 2024-08-05 | N/A |
| A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this vulnerability by sending a large volume of crafted SSL traffic to the vulnerable device. A successful exploit could allow the attacker to degrade the device performance by triggering a persistent high CPU utilization condition. Cisco Bug IDs: CSCvh89340. | ||||
| CVE-2019-25043 | 1 Trustwave | 1 Modsecurity | 2024-08-05 | 5.3 Medium |
| ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. | ||||
| CVE-2019-20422 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 5.5 Medium |
| In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. | ||||
| CVE-2019-20218 | 5 Canonical, Debian, Oracle and 2 more | 5 Ubuntu Linux, Debian Linux, Mysql Workbench and 2 more | 2024-08-05 | 7.5 High |
| selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | ||||
| CVE-2019-19924 | 6 Apache, Netapp, Oracle and 3 more | 6 Bookkeeper, Cloud Backup, Mysql Workbench and 3 more | 2024-08-05 | 5.3 Medium |
| SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. | ||||
| CVE-2019-19313 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 7.5 High |
| GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. | ||||
| CVE-2019-18668 | 1 Wpwham | 1 Currency Switcher For Woocommerce | 2024-08-05 | 6.5 Medium |
| An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price. | ||||
| CVE-2019-17391 | 1 Espressif | 8 Esp32-d0wd, Esp32-d0wd Firmware, Esp32-d2wd and 5 more | 2024-08-05 | 4.6 Medium |
| An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset. | ||||
| CVE-2019-17195 | 4 Apache, Connect2id, Oracle and 1 more | 17 Hadoop, Nimbus Jose\+jwt, Communications Cloud Native Core Security Edge Protection Proxy and 14 more | 2024-08-05 | 9.8 Critical |
| Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | ||||
| CVE-2019-16930 | 1 Z.cash | 1 Zcash | 2024-08-05 | 5.3 Medium |
| Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party. | ||||
| CVE-2019-16866 | 2 Canonical, Nlnetlabs | 2 Ubuntu Linux, Unbound | 2024-08-05 | 7.5 High |
| Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | ||||
| CVE-2019-16901 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-08-05 | 7.5 High |
| Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | ||||
| CVE-2019-16298 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16302 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-15894 | 1 Espressif | 1 Esp-idf | 2024-08-05 | 6.8 Medium |
| An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled. | ||||
| CVE-2019-14853 | 2 Python-ecdsa Project, Redhat | 3 Python-ecdsa, Satellite, Satellite Capsule | 2024-08-05 | 7.5 High |
| An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. | ||||