Total
3266 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15916 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | ||||
| CVE-2019-15807 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 4.7 Medium |
| In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | ||||
| CVE-2019-15791 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.1 High |
| In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow. | ||||
| CVE-2019-15666 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 4.4 Medium |
| An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. | ||||
| CVE-2019-15593 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. | ||||
| CVE-2019-15584 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. | ||||
| CVE-2019-15549 | 1 Asn1 Der Project | 1 Asn1 Der | 2024-11-21 | N/A |
| An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field. | ||||
| CVE-2019-15538 | 7 Canonical, Debian, Fedoraproject and 4 more | 29 Ubuntu Linux, Debian Linux, Fedora and 26 more | 2024-11-21 | 7.5 High |
| An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | ||||
| CVE-2019-15256 | 1 Cisco | 24 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 21 more | 2024-11-21 | 8.6 High |
| A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker's source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device. | ||||
| CVE-2019-15226 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
| Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack. | ||||
| CVE-2019-15225 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | N/A |
| In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993. | ||||
| CVE-2019-15165 | 8 Apple, Canonical, Debian and 5 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2024-11-21 | 5.3 Medium |
| sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | ||||
| CVE-2019-15118 | 5 Canonical, Debian, Linux and 2 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-11-21 | 5.5 Medium |
| check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | ||||
| CVE-2019-14940 | 1 Spdk | 1 Storage Performance Development Kit | 2024-11-21 | N/A |
| In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. | ||||
| CVE-2019-14901 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 9.8 Critical |
| A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. | ||||
| CVE-2019-14888 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Jboss Data Grid, Jboss Enterprise Application Platform and 7 more | 2024-11-21 | 7.5 High |
| A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. | ||||
| CVE-2019-14867 | 3 Fedoraproject, Freeipa, Redhat | 4 Fedora, Freeipa, Enterprise Linux and 1 more | 2024-11-21 | 8.8 High |
| A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server. | ||||
| CVE-2019-14559 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-11-21 | 7.5 High |
| Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2019-14492 | 2 Opencv, Opensuse | 2 Opencv, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | ||||
| CVE-2019-14491 | 1 Opencv | 1 Opencv | 2024-11-21 | N/A |
| An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | ||||