Total
1106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17359 | 4 Apache, Bouncycastle, Netapp and 1 more | 21 Tomee, Legion-of-the-bouncy-castle-java-crytography-api, Active Iq Unified Manager and 18 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. | |||||
| CVE-2019-17351 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. | |||||
| CVE-2019-17067 | 2 Microsoft, Putty | 2 Windows, Putty | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. | |||||
| CVE-2019-16889 | 1 Ui | 24 Ep-r6, Ep-r6 Firmware, Ep-r8 and 21 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | |||||
| CVE-2019-16865 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. | |||||
| CVE-2019-16770 | 2 Debian, Puma | 2 Debian Linux, Puma | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2. | |||||
| CVE-2019-15753 | 1 Openstack | 1 Os-vif | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. | |||||
| CVE-2019-15736 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. | |||||
| CVE-2019-15722 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | |||||
| CVE-2019-15593 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. | |||||
| CVE-2019-15544 | 2 Apache, Rust-protobuf Project | 2 Hbase, Rust-protobuf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. | |||||
| CVE-2019-15234 | 1 Ushareit | 1 Shareit | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941. | |||||
| CVE-2019-15225 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993. | |||||
| CVE-2019-15165 | 7 Apple, Canonical, Debian and 4 more | 11 Ipados, Iphone Os, Mac Os X and 8 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | |||||
| CVE-2019-14958 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. | |||||
| CVE-2019-14941 | 1 Ushareit | 1 Shareit | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. | |||||
| CVE-2019-14834 | 2 Fedoraproject, Thekelleys | 2 Fedora, Dnsmasq | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. | |||||
| CVE-2019-13960 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes | |||||
| CVE-2019-13954 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected. | |||||
| CVE-2019-13112 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | |||||