Total
3474 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0173 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| In Parse_lins of eas_mdls.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313764 | ||||
| CVE-2020-0088 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124389881 | ||||
| CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2024-11-21 | 6.5 Medium |
| An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | ||||
| CVE-2019-9903 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 6.5 Medium |
| PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. | ||||
| CVE-2019-9857 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service. | ||||
| CVE-2019-9750 | 1 Iotivity | 1 Iotivity | 2024-11-21 | N/A |
| In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01 Unauthorized" response is mishandled. NOTE: the vendor states "While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite." | ||||
| CVE-2019-9721 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-11-21 | 6.5 Medium |
| A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | ||||
| CVE-2019-9718 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 6.5 Medium |
| In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | ||||
| CVE-2019-9717 | 1 Libav | 1 Libav | 2024-11-21 | 6.5 Medium |
| In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf. | ||||
| CVE-2019-9705 | 3 Cron Project, Debian, Fedoraproject | 3 Cron, Debian Linux, Fedora | 2024-11-21 | 5.5 Medium |
| Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. | ||||
| CVE-2019-9704 | 3 Cron Project, Debian, Fedoraproject | 3 Cron, Debian Linux, Fedora | 2024-11-21 | 5.5 Medium |
| Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. | ||||
| CVE-2019-9674 | 3 Canonical, Netapp, Python | 3 Ubuntu Linux, Active Iq Unified Manager, Python | 2024-11-21 | 7.5 High |
| Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | ||||
| CVE-2019-9633 | 1 Gnome | 1 Glib | 2024-11-21 | N/A |
| gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | ||||
| CVE-2019-9587 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | N/A |
| There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree. | ||||
| CVE-2019-9583 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2024-11-21 | 8.2 High |
| eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15. | ||||
| CVE-2019-9512 | 6 Apache, Apple, Canonical and 3 more | 24 Traffic Server, Mac Os X, Swiftnio and 21 more | 2024-11-21 | 7.5 High |
| Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | ||||
| CVE-2019-9371 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 6.5 Medium |
| In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 | ||||
| CVE-2019-9349 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124330204 | ||||
| CVE-2019-9220 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption. | ||||
| CVE-2019-9076 | 2 Gnu, Netapp | 2 Binutils, Element Software Management | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. | ||||