Total
436 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-6809 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. | |||||
CVE-2019-9735 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Neutron, Openstack | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.) | |||||
CVE-2019-3564 | 1 Facebook | 1 Thrift | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. | |||||
CVE-2019-6807 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus. | |||||
CVE-2019-14431 | 1 Matrixssl | 1 Matrixssl | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. | |||||
CVE-2019-1731 | 1 Cisco | 76 Nexus 3016, Nexus 3048, Nexus 3064 and 73 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally. | |||||
CVE-2019-3559 | 1 Facebook | 1 Thrift | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | |||||
CVE-2018-7849 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. | |||||
CVE-2019-7474 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | |||||
CVE-2019-14378 | 1 Libslirp Project | 1 Libslirp | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. | |||||
CVE-2019-3558 | 1 Facebook | 1 Thrift | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | |||||
CVE-2019-9628 | 3 Canonical, Opensuse, Xmltooling Project | 3 Ubuntu Linux, Leap, Xmltooling | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. | |||||
CVE-2019-6829 | 1 Schneider-electric | 4 Modicon M340, Modicon M340 Firmware, Modicon M580 and 1 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. | |||||
CVE-2019-9009 | 1 Codesys | 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. | |||||
CVE-2019-11777 | 1 Eclipse | 1 Paho Java Client | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information. | |||||
CVE-2019-6830 | 1 Schneider-electric | 2 Modicon M580, Modicon M580 Firmware | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. | |||||
CVE-2018-7852 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. | |||||
CVE-2019-12449 | 4 Canonical, Fedoraproject, Gnome and 1 more | 4 Ubuntu Linux, Fedora, Gvfs and 1 more | 2023-12-10 | 3.5 LOW | 5.7 MEDIUM |
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | |||||
CVE-2019-1635 | 1 Cisco | 32 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 and 29 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. | |||||
CVE-2018-16781 | 1 Rockcarry | 1 Ffjpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. |