Total
476 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-18659 | 1 Google | 1 Android | 2020-04-08 | 5.3 Medium |
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017). | ||||
CVE-2019-20422 | 1 Linux | 1 Linux Kernel | 2020-03-13 | 5.5 Medium |
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. | ||||
CVE-2019-16302 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 7.5 High |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 7.5 High |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 7.5 High |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 7.5 High |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
CVE-2019-16298 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 7.5 High |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 7.5 High |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
CVE-2015-2688 | 1 Torproject | 1 Tor | 2020-01-31 | 7.5 High |
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | ||||
CVE-2019-14853 | 1 Python-ecdsa Project | 1 Python-ecdsa | 2019-12-18 | 7.5 High |
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. | ||||
CVE-2017-11140 | 1 Graphicsmagick | 1 Graphicsmagick | 2019-12-03 | N/A |
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. | ||||
CVE-2019-11177 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2019-11-19 | 7.5 High |
Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
CVE-2012-1109 | 1 Pediapress | 1 Mwlib | 2019-11-14 | 7.5 High |
mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions | ||||
CVE-2009-5043 | 2 Burn Project, Debian | 2 Burn, Debian Linux | 2019-11-06 | 9.8 Critical |
burn allows file names to escape via mishandled quotation marks | ||||
CVE-2019-8462 | 1 Checkpoint | 2 Gaia, Security Gateway | 2019-10-09 | 7.5 High |
In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging. | ||||
CVE-2018-0316 | 1 Cisco | 13 Ip Phone 6841, Ip Phone 6851, Ip Phone 7811 and 10 more | 2019-10-09 | N/A |
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718. | ||||
CVE-2018-0272 | 1 Cisco | 1 Firepower | 2019-10-09 | N/A |
A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this vulnerability by sending a large volume of crafted SSL traffic to the vulnerable device. A successful exploit could allow the attacker to degrade the device performance by triggering a persistent high CPU utilization condition. Cisco Bug IDs: CSCvh89340. | ||||
CVE-2017-9658 | 1 Philips | 2 Intellivue Mx40, Intellivue Mx40 Firmware | 2019-10-09 | N/A |
Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point. | ||||
CVE-2017-9657 | 1 Philips | 2 Intellivue Mx40, Intellivue Mx40 Firmware | 2019-10-09 | N/A |
Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point. | ||||
CVE-2017-7496 | 1 Fedoraproject | 1 Arm Installer | 2019-10-09 | N/A |
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories. |