Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS
CVE-2019-11683 1 Linux 1 Linux Kernel 2019-06-15 10.0
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0...
CVE-2016-6301 1 Busybox 1 Busybox 2019-06-13 7.8
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
CVE-2014-9402 4 Gnu, Canonical, Novell and 1 more 4 Ubuntu Linux, Glibc, Opensuse and 1 more 2019-06-13 7.8
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a...
CVE-2019-0220 5 Apache, Canonical, Debian and 2 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2019-06-12 5.0
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular...
CVE-2018-6918 1 Freebsd 1 Freebsd 2019-06-11 7.8
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero....
CVE-2018-7843 1 Schneider-electric 4 Modicon M340 Firmware, Modicon M580 Firmware, Modicon Premium Firmware and 1 more 2019-06-10 5.0
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid...
CVE-2019-12379 1 Linux 1 Linux Kernel 2019-06-10 4.9
An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc.
CVE-2019-6608 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2019-06-06 7.1
On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-, and 14.0.0-, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.
CVE-2015-5516 1 F5 19 Big-ip Webaccelerator, Big-ip Policy Enforcement Manager, Big-ip Analytics and 16 more 2019-06-06 7.8
Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before...
CVE-2016-6876 1 F5 15 Big-ip Webaccelerator, Big-ip Policy Enforcement Manager, Big-ip Analytics and 12 more 2019-06-06 5.0
The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4...
CVE-2018-1000654 1 Gnu 1 Libtasn1 2019-06-05 7.1
GNU Libtasn1 versions libtasn1-4.13 and libtasn1-4.12 contain a DoS, specifically CPU usage will reach 100% when running asn1Parser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program...
CVE-2010-3937 1 Microsoft 1 Exchange Server 2019-06-01 4.0
Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
CVE-2013-4343 1 Linux 1 Linux Kernel 2019-05-31 6.9
Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.
CVE-2018-1324 2019-05-30 4.3
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of...
CVE-2018-11771 2019-05-30 4.3
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a...
CVE-2018-15756 2 Pivotal Software, Oracle 4 Spring Framework, Enterprise Manager Ops Center, Retail Invoice Matching and 1 more 2019-05-29 5.0
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the...
CVE-2018-16750 2 Imagemagick, Canonical 2 Imagemagick, Ubuntu Linux 2019-05-29 4.3
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
CVE-2019-5427 1 Mchange 1 C3p0 2019-05-29 5.0
c3p0 version < may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
CVE-2018-15173 1 Nmap 1 Nmap 2019-05-28 5.0
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.
CVE-2019-10903 2 Wireshark, Fedoraproject 2 Wireshark, Fedora 2019-05-25 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.