Total
2541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3677 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 4.0 MEDIUM | N/A |
| Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. | |||||
| CVE-2010-3678 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 4.0 MEDIUM | N/A |
| Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. | |||||
| CVE-2011-5049 | 1 Microsoft | 1 Windows | 2019-12-17 | 4.3 MEDIUM | N/A |
| MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306. | |||||
| CVE-2015-7697 | 3 Canonical, Debian, Unzip Project | 3 Ubuntu Linux, Debian Linux, Unzip | 2019-12-16 | 4.3 MEDIUM | N/A |
| Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. | |||||
| CVE-2011-1521 | 1 Python | 1 Python | 2019-10-25 | 6.4 MEDIUM | N/A |
| The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | |||||
| CVE-2012-0845 | 1 Python | 1 Python | 2019-10-25 | 5.0 MEDIUM | N/A |
| SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. | |||||
| CVE-2017-14232 | 2 Flif, Jasper Project | 2 Flif, Jasper | 2019-10-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. | |||||
| CVE-2019-1700 | 1 Cisco | 2 Firepower 9000, Firepower 9000 Firmware | 2019-10-09 | 5.7 MEDIUM | 6.1 MEDIUM |
| A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. Manual intervention may be required before a device will resume normal operations. The vulnerability is due to a logic error in the FPGA related to the processing of different types of input packets. An attacker could exploit this vulnerability by being on the adjacent subnet and sending a crafted sequence of input packets to a specific interface on an affected device. A successful exploit could allow the attacker to cause a queue wedge condition on the interface. When a wedge occurs, the affected device will stop processing any additional packets that are received on the wedged interface. Version 2.2 is affected. | |||||
| CVE-2016-9225 | 1 Cisco | 1 Asa Cx Context-aware Security Software | 2019-10-09 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946. | |||||
| CVE-2016-4921 | 1 Juniper | 1 Junos | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. Devices not configured to process IPv6 traffic are unaffected by this vulnerability. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.3 prior to 12.3R3-S4; 12.3X48 prior to 12.3X48-D30; 13.3 prior to 13.3R10, 13.3R4-S11; 14.1 prior to 14.1R2-S8, 14.1R4-S12, 14.1R8; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R6; 15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70. | |||||
| CVE-2016-1584 | 1 Unity8 | 1 Unity8 | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input. | |||||
| CVE-2016-10527 | 1 Riot.js | 1 Riot-compiler | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The riot-compiler version version 2.3.21 has an issue in a regex (Catastrophic Backtracking) thats make it unusable under certain conditions. | |||||
| CVE-2014-10064 | 1 Qs Project | 1 Qs | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring. | |||||
| CVE-2011-1854 | 1 Hp | 1 Intelligent Management Center | 2019-10-09 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler. | |||||
| CVE-2011-1515 | 1 Hp | 1 Openview Storage Data Protector | 2019-10-09 | 5.0 MEDIUM | N/A |
| The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters. | |||||
| CVE-2007-4772 | 4 Canonical, Debian, Postgresql and 1 more | 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more | 2019-10-09 | 4.0 MEDIUM | N/A |
| The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. | |||||
| CVE-2007-2246 | 2 Hp, Sendmail | 2 Hp-ux, Sendmail | 2019-10-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434. | |||||
| CVE-2015-7581 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route. | |||||
| CVE-2016-0751 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. | |||||
| CVE-2007-4496 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2019-08-01 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors. | |||||