Total
2877 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11391 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-08-04 | 5.3 Medium |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | ||||
| CVE-2019-11390 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-08-04 | 5.3 Medium |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | ||||
| CVE-2019-11389 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-08-04 | 5.3 Medium |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | ||||
| CVE-2019-11939 | 1 Facebook | 1 Thrift | 2024-08-04 | 7.5 High |
| Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | ||||
| CVE-2019-11890 | 1 Sony | 2 Bravia, Bravia Firmware | 2024-08-04 | N/A |
| Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. | ||||
| CVE-2019-11470 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-08-04 | N/A |
| The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. | ||||
| CVE-2019-11463 | 1 Libarchive | 1 Libarchive | 2024-08-04 | 5.5 Medium |
| A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. | ||||
| CVE-2019-11387 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-08-04 | 5.3 Medium |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. | ||||
| CVE-2019-11026 | 2 Fedoraproject, Freedesktop | 2 Fedora, Poppler | 2024-08-04 | 6.5 Medium |
| FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. | ||||
| CVE-2019-10977 | 1 Mitsubishielectric | 2 Qj71e71-100, Qj71e71-100 Firmware | 2024-08-04 | 7.5 High |
| In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. | ||||
| CVE-2019-10972 | 1 Mitsubishielectric | 1 Electric Fr Configurator2 | 2024-08-04 | 5.5 Medium |
| Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted. | ||||
| CVE-2019-10948 | 1 Fujifilm | 6 Cr-ir 357 Fcr Capsula X, Cr-ir 357 Fcr Capsula X Firmware, Cr-ir 357 Fcr Carbon X and 3 more | 2024-08-04 | N/A |
| Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted. | ||||
| CVE-2019-10942 | 1 Siemens | 6 Scalance X-200, Scalance X-200 Firmware, Scalance X-200irt and 3 more | 2024-08-04 | 8.6 High |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. | ||||
| CVE-2019-10953 | 5 Abb, Phoenixcontact, Schneider-electric and 2 more | 20 Pm554-tp-eth, Pm554-tp-eth Firmware, Ilc 151 Eth and 17 more | 2024-08-04 | 7.5 High |
| ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. | ||||
| CVE-2019-10952 | 1 Rockwellautomation | 8 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compactlogix 5370 L1 and 5 more | 2024-08-04 | 9.8 Critical |
| An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. | ||||
| CVE-2019-10936 | 1 Siemens | 130 Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware, Ek-ertec 200 and 127 more | 2024-08-04 | 7.5 High |
| Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. | ||||
| CVE-2019-10775 | 1 Ecstatic Project | 1 Ecstatic | 2024-08-04 | 7.5 High |
| ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application. | ||||
| CVE-2019-10750 | 1 Deeply Project | 1 Deeply | 2024-08-04 | 9.8 Critical |
| deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload. | ||||
| CVE-2019-10747 | 2 Redhat, Set-value Project | 3 Enterprise Linux, Rhel Software Collections, Set-value | 2024-08-04 | 9.8 Critical |
| set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. | ||||
| CVE-2019-10649 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-08-04 | 5.5 Medium |
| In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. | ||||