Total
1438 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-3305 | 1 Cisco | 13 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 10 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | |||||
CVE-2020-1950 | 4 Apache, Canonical, Debian and 1 more | 6 Tika, Ubuntu Linux, Debian Linux and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. | |||||
CVE-2020-0169 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123700383 | |||||
CVE-2020-8185 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Rails | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. | |||||
CVE-2020-7733 | 2 Oracle, Ua-parser-js Project | 2 Communications Cloud Native Core Network Function Cloud Native Environment, Ua-parser-js | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | |||||
CVE-2019-15584 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. | |||||
CVE-2020-3168 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2023-12-10 | 7.1 HIGH | 7.5 HIGH |
A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. | |||||
CVE-2019-16671 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption. | |||||
CVE-2012-6083 | 1 Freeciv | 1 Freeciv | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet. | |||||
CVE-2018-19152 | 1 Emercoin | 1 Emercoin | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM. | |||||
CVE-2019-5149 | 1 Wago | 4 Pfc100, Pfc100 Firmware, Pfc200 and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14). | |||||
CVE-2019-20176 | 2 Fedoraproject, Pureftpd | 2 Fedora, Pure-ftpd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. | |||||
CVE-2018-19161 | 1 Alqo | 1 Alqo | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
CVE-2020-8992 | 4 Canonical, Linux, Netapp and 1 more | 11 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 8 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | |||||
CVE-2013-4120 | 1 Theforeman | 1 Katello | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Katello has a Denial of Service vulnerability in API OAuth authentication | |||||
CVE-2011-4082 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | |||||
CVE-2018-19163 | 1 Stratisplatform | 1 Stratisx | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
CVE-2018-19159 | 1 Luxcore | 1 Lux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
CVE-2018-19165 | 1 Nebl | 1 Neblio | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | |||||
CVE-2020-3132 | 1 Cisco | 2 Cloud Email Security, Email Security Appliance | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur. |