Total
1934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13232 | 2 Debian, Unzip Project | 2 Debian Linux, Unzip | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. | |||||
| CVE-2019-13011 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity. | |||||
| CVE-2019-13009 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. | |||||
| CVE-2019-13007 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-13003 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-12659 | 1 Cisco | 2 Cbr-8 Converged Broadband Router, Ios Xe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of long-lived connections to the HTTP service on the device. A successful exploit could allow the attacker to cause the HTTP server to crash. | |||||
| CVE-2019-12420 | 2 Apache, Debian | 2 Spamassassin, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. | |||||
| CVE-2019-11890 | 1 Sony | 2 Bravia, Bravia Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. | |||||
| CVE-2019-11478 | 6 Canonical, F5, Ivanti and 3 more | 24 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 21 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. | |||||
| CVE-2019-11470 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. | |||||
| CVE-2019-11391 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11390 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11389 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11388 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity | |||||
| CVE-2019-11387 | 1 Modsecurity | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. | |||||
| CVE-2019-10952 | 1 Rockwellautomation | 8 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compactlogix 5370 L1 and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. | |||||
| CVE-2019-10948 | 1 Fujifilm | 6 Cr-ir 357 Fcr Capsula X, Cr-ir 357 Fcr Capsula X Firmware, Cr-ir 357 Fcr Carbon X and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted. | |||||
| CVE-2019-10942 | 1 Siemens | 6 Scalance X-200, Scalance X-200 Firmware, Scalance X-200irt and 3 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. | |||||
| CVE-2019-10936 | 1 Siemens | 130 Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware, Ek-ertec 200 and 127 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. | |||||
| CVE-2019-10923 | 1 Siemens | 78 Cp1604, Cp1604 Firmware, Cp1616 and 75 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. | |||||