Total
1150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10364 | 1 Mikrotik | 26 Ccr1009-7g-1c-1s\+, Ccr1009-7g-1c-1s\+pc, Ccr1009-7g-1c-pc and 23 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. | |||||
| CVE-2020-0353 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777526 | |||||
| CVE-2020-0160 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124771364 | |||||
| CVE-2019-9705 | 3 Cron Project, Debian, Fedoraproject | 3 Cron, Debian Linux, Fedora | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. | |||||
| CVE-2019-9291 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This could lead to remote code execution in Bluetooth with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112159179 | |||||
| CVE-2019-9076 | 2 Gnu, Netapp | 2 Binutils, Element Software Management | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. | |||||
| CVE-2019-9073 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. | |||||
| CVE-2019-9072 | 2 Gnu, Netapp | 3 Binutils, Hci Management Node, Solidfire | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. | |||||
| CVE-2019-9012 | 1 Codesys | 10 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. | |||||
| CVE-2019-8955 | 1 Torproject | 1 Tor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. | |||||
| CVE-2019-7704 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | |||||
| CVE-2019-7698 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. | |||||
| CVE-2019-7582 | 2 Canonical, Libming | 2 Ubuntu Linux, Libming | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure. | |||||
| CVE-2019-7581 | 2 Canonical, Libming | 2 Ubuntu Linux, Libming | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876. | |||||
| CVE-2019-7148 | 1 Elfutils Project | 1 Elfutils | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." | |||||
| CVE-2019-6988 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. | |||||
| CVE-2019-6975 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | |||||
| CVE-2019-6966 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. | |||||
| CVE-2019-6486 | 3 Debian, Golang, Opensuse | 3 Debian Linux, Go, Leap | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. | |||||
| CVE-2019-6120 | 1 Nicehash | 1 Miner | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses. | |||||