Total: 434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13467 | 1 Cksic | 2 Cks32f103, Cks32f103 Firmware | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | |||||
CVE-2020-10604 | 1 Osisoft | 1 Pi Data Archive | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. | |||||
CVE-2020-7693 | 1 Sockjs Project | 1 Sockjs | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. | |||||
CVE-2017-18659 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017). | |||||
CVE-2011-4625 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | |||||
CVE-2019-19924 | 5 Apache, Netapp, Oracle and 2 more | 5 Bookkeeper, Cloud Backup, Mysql Workbench and 2 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. | |||||
CVE-2012-1109 | 1 Pediapress | 1 Mwlib | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions. | |||||
CVE-2019-14853 | 1 Python-ecdsa Project | 1 Python-ecdsa | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. | |||||
CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-16866 | 2 Canonical, Nlnetlabs | 2 Ubuntu Linux, Unbound | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | |||||
CVE-2019-13683 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2019-11177 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2019-17391 | 1 Espressif | 8 Esp32-d0wd, Esp32-d0wd Firmware, Esp32-d2wd and 5 more | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset. | |||||
CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-9510 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later. | |||||
CVE-2019-16901 | 1 Advantech | 1 Webaccess/hmi Designer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | |||||
CVE-2019-6844 | 1 Schneider-electric | 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. | |||||
CVE-2019-6847 | 1 Schneider-electric | 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol. | |||||
CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-0060 | 1 Juniper | 25 Csrx, Junos, Srx100 and 22 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series. |