Total
2723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11890 | 1 Sony | 2 Bravia, Bravia Firmware | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. | |||||
| CVE-2019-11478 | 6 Canonical, F5, Ivanti and 3 more | 24 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 21 more | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. | |||||
| CVE-2019-11470 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | 7.1 HIGH | 6.5 MEDIUM |
| The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. | |||||
| CVE-2019-11391 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11390 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11389 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11388 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11387 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. | |||||
| CVE-2019-10952 | 1 Rockwellautomation | 8 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compactlogix 5370 L1 and 5 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. | |||||
| CVE-2019-10948 | 1 Fujifilm | 6 Cr-ir 357 Fcr Capsula X, Cr-ir 357 Fcr Capsula X Firmware, Cr-ir 357 Fcr Carbon X and 3 more | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted. | |||||
| CVE-2019-10942 | 1 Siemens | 6 Scalance X-200, Scalance X-200 Firmware, Scalance X-200irt and 3 more | 2026-06-17 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. | |||||
| CVE-2019-10936 | 1 Siemens | 130 Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware, Ek-ertec 200 and 127 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. | |||||
| CVE-2019-10923 | 1 Siemens | 78 Cp1604, Cp1604 Firmware, Cp1616 and 75 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. | |||||
| CVE-2019-10775 | 1 Ecstatic Project | 1 Ecstatic | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application. | |||||
| CVE-2019-10750 | 1 Deeply Project | 1 Deeply | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload. | |||||
| CVE-2019-10747 | 1 Set-value Project | 1 Set-value | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. | |||||
| CVE-2019-10636 | 1 Marvell | 38 88ss1074, 88ss1074 Firmware, 88ss1079 and 35 more | 2026-06-17 | 4.9 MEDIUM | 4.6 MEDIUM |
| Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism. | |||||
| CVE-2019-10504 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2026-06-17 | 5.0 MEDIUM | 6.5 MEDIUM |
| Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 | |||||
| CVE-2019-10113 | 1 Gitlab | 1 Gitlab | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption. | |||||
| CVE-2019-1010172 | 1 Jsish | 1 Jsish | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39. | |||||