Total: 945 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-15234 | 1 Ushareit | 1 Shareit | 2024-08-05 | 7.5 High |
SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941. | ||||
CVE-2019-14958 | 1 Jetbrains | 1 Pycharm | 2024-08-05 | 7.5 High |
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. | ||||
CVE-2019-14941 | 1 Ushareit | 1 Shareit | 2024-08-05 | 7.5 High |
SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. | ||||
CVE-2019-14834 | 3 Fedoraproject, Redhat, Thekelleys | 3 Fedora, Enterprise Linux, Dnsmasq | 2024-08-05 | 3.7 Low |
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. | ||||
CVE-2019-13960 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2024-08-05 | N/A |
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes. | ||||
CVE-2019-13954 | 1 Mikrotik | 1 Routeros | 2024-08-05 | N/A |
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected. | ||||
CVE-2019-13074 | 1 Mikrotik | 26 Ccr1009-7g-1c-1s\+, Ccr1009-7g-1c-1s\+pc, Ccr1009-7g-1c-pc and 23 more | 2024-08-04 | N/A |
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management. | ||||
CVE-2019-13112 | 5 Canonical, Debian, Exiv2 and 2 more | 5 Ubuntu Linux, Debian Linux, Exiv2 and 2 more | 2024-08-04 | 6.5 Medium |
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | ||||
CVE-2019-12940 | 1 Livezilla | 1 Livezilla | 2024-08-04 | N/A |
LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. | ||||
CVE-2019-12611 | 1 Bitdefender | 2 Box, Box Firmware | 2024-08-04 | 4.4 Medium |
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot. | ||||
CVE-2019-12406 | 3 Apache, Oracle, Redhat | 8 Cxf, Commerce Guided Search, Flexcube Private Banking and 5 more | 2024-08-04 | 6.5 Medium |
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". | ||||
CVE-2019-11923 | 1 Facebook | 1 Mcrouter | 2024-08-04 | 7.5 High |
In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service. | ||||
CVE-2019-11939 | 1 Facebook | 1 Thrift | 2024-08-04 | 7.5 High |
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | ||||
CVE-2019-11938 | 1 Facebook | 1 Thrift | 2024-08-04 | 7.5 High |
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. | ||||
CVE-2019-11924 | 1 Facebook | 1 Fizz | 2024-08-04 | N/A |
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00. | ||||
CVE-2019-10972 | 1 Mitsubishielectric | 1 Electric Fr Configurator2 | 2024-08-04 | 5.5 Medium |
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted. | ||||
CVE-2019-10953 | 5 Abb, Phoenixcontact, Schneider-electric and 2 more | 20 Pm554-tp-eth, Pm554-tp-eth Firmware, Ilc 151 Eth and 17 more | 2024-08-04 | 7.5 High |
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. | ||||
CVE-2019-10723 | 1 Podofo Project | 1 Podofo | 2024-08-04 | N/A |
An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. | ||||
CVE-2019-10171 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Enterprise Linux Server Eus, Rhel Eus | 2024-08-04 | 7.5 High |
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. | ||||
CVE-2019-10163 | 2 Opensuse, Powerdns | 3 Backports, Leap, Authoritative | 2024-08-04 | 4.3 Medium |
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. |