CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2019(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010312 DoS 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Over-read. The impact is: Disclosure of memory contents in an HTTP response, and Denial of Service. The component is: In function Util_urlDecode() on lines 1553 -1563 in Monit/src/util.c, a crafted POST parameter can cause the buffer index to increment to a value greater than the length of the buffer. The attack vector is: An authenticated remote attacker can exploit the vulnerability by sending a HTTP POST request that contains a maliciously crafted body parameter. The fixed version is: Version 5.25.3 and later.
2 CVE-2019-1010302 284 DoS 2019-07-15 2019-08-13
4.3
None Remote Medium Not required None None Partial
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.
3 CVE-2019-1010301 119 DoS Overflow 2019-07-15 2019-08-12
4.3
None Remote Medium Not required None None Partial
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
4 CVE-2019-1010279 347 DoS Bypass 2019-07-18 2019-08-01
5.0
None Remote Low Not required None None Partial
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
5 CVE-2019-1010266 400 DoS 2019-07-17 2019-09-19
4.0
None Remote Low Single system None None Partial
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
6 CVE-2019-1010262 749 DoS 2019-07-18 2019-07-19
5.0
None Remote Low Not required None None Partial
scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: _RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap. The fixed version is: after commit 0d7ae2b039f650a40e511d09eb961c782da025d9.
7 CVE-2019-1010251 20 DoS Bypass 2019-07-18 2019-07-23
5.0
None Remote Low Not required None None Partial
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2.
8 CVE-2019-1010239 754 DoS 2019-07-19 2019-07-29
5.0
None Remote Low Not required None None Partial
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.
9 CVE-2019-1010228 119 DoS Exec Code Overflow 2019-07-22 2019-09-26
7.5
None Remote Low Not required Partial Partial Partial
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.
10 CVE-2019-1010204 125 DoS 2019-07-23 2019-08-22
4.3
None Remote Medium Not required None None Partial
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
11 CVE-2019-1010183 400 DoS 2019-07-25 2019-08-01
4.3
None Remote Medium Not required None None Partial
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later.
12 CVE-2019-1010182 400 DoS 2019-07-25 2019-08-05
4.3
None Remote Medium Not required None None Partial
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later.
13 CVE-2019-1010177 416 DoS Exec Code 2019-07-24 2019-08-01
7.5
None Remote Low Not required Partial Partial Partial
Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit 48a66c798d.
14 CVE-2019-1010176 119 DoS Exec Code Overflow 2019-07-25 2019-08-05
7.5
None Remote Low Not required Partial Partial Partial
JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0.
15 CVE-2019-1010173 20 DoS 2019-07-23 2019-07-23
5.0
None Remote Low Not required None None Partial
Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3.
16 CVE-2019-1010172 400 DoS 2019-07-25 2019-08-01
5.0
None Remote Low Not required None None Partial
Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39.
17 CVE-2019-1010171 476 DoS 2019-07-23 2019-07-23
5.0
None Remote Low Not required None None Partial
Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.
18 CVE-2019-1010170 416 DoS 2019-07-23 2019-07-23
5.0
None Remote Low Not required None None Partial
Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
19 CVE-2019-1010169 125 DoS 2019-07-23 2019-07-23
5.0
None Remote Low Not required None None Partial
Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
20 CVE-2019-1010163 119 DoS Exec Code Overflow 2019-07-24 2019-08-01
7.2
None Local Low Not required Complete Complete Complete
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley).
21 CVE-2019-1010162 476 DoS Exec Code 2019-07-23 2019-10-09
4.3
None Remote Medium Not required None None Partial
jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77.
22 CVE-2019-1010156 287 DoS Bypass +Info 2019-07-23 2019-07-24
6.4
None Remote Low Not required Partial None Partial
D-Link DSL-2750U Firmware 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login form.
23 CVE-2019-1010155 287 DoS Bypass +Info 2019-07-23 2019-08-08
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage.
24 CVE-2019-1010142 400 DoS 2019-07-19 2019-07-23
5.0
None Remote Low Not required None None Partial
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work.
25 CVE-2019-1010129 416 DoS Exec Code 2019-07-23 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
VCFTools vcfools prior to version 0.1.15 is affected by: Heap Use-After-Free. The impact is: Denial of Service or possibly unspecified impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.
26 CVE-2019-1010127 416 DoS Exec Code 2019-07-25 2019-07-30
6.8
None Remote Medium Not required Partial Partial Partial
VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.
27 CVE-2019-1010083 399 DoS 2019-07-17 2019-08-25
5.0
None Remote Low Not required None None Partial
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
28 CVE-2019-1010069 284 DoS 2019-07-18 2019-07-19
4.3
None Remote Medium Not required None None Partial
moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae.
29 CVE-2019-1010057 119 DoS Exec Code Overflow 2019-07-16 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e.
30 CVE-2019-1010048 DoS Overflow 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file.
31 CVE-2019-1010044 119 DoS Exec Code Overflow 2019-07-15 2019-07-17
7.5
None Remote Low Not required Partial Partial Partial
borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable.
32 CVE-2019-1010043 119 DoS Exec Code Overflow 2019-07-16 2019-07-29
7.5
None Remote Low Not required Partial Partial Partial
Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation.
33 CVE-2019-1010039 119 DoS Exec Code Overflow 2019-07-15 2019-07-16
7.5
None Remote Low Not required Partial Partial Partial
uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line.
34 CVE-2019-1010038 119 DoS Exec Code Overflow 2019-07-15 2019-07-30
7.5
None Remote Low Not required Partial Partial Partial
OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable.
35 CVE-2019-1010017 91 DoS 2019-07-14 2019-07-17
5.0
None Remote Low Not required None None Partial
libnmap < v0.6.3 is affected by: XML Injection. The impact is: Denial of service (DoS) by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
36 CVE-2019-1010011 DoS Overflow 2019-07-14 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
moinejf abcm2ps 8.13.16 and after is affected by: CWE-121: Stack-based Buffer Overflow. The impact is: This vulnerability allows remote attackers to cause a denial of service via a crafted file. The component is: parse.c / function: get_key and music.c/ function: delayed_output.
37 CVE-2019-1010004 125 DoS 2019-07-14 2019-08-02
4.3
None Remote Medium Not required None None Partial
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
38 CVE-2019-1003022 352 DoS 2019-02-06 2019-10-09
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.
39 CVE-2019-1003015 611 DoS 2019-02-06 2019-10-09
6.4
None Remote Low Not required Partial None Partial
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc.
40 CVE-2019-1003011 20 DoS 2019-02-06 2019-10-09
5.5
None Remote Low Single system Partial None Partial
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
41 CVE-2019-1002100 400 DoS 2019-04-01 2019-04-16
4.0
None Remote Low Single system None None Partial
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.
42 CVE-2019-1000019 125 DoS 2019-02-04 2019-04-12
4.3
None Remote Medium Not required None None Partial
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
43 CVE-2019-17592 DoS 2019-10-14 2019-10-15
0.0
None ??? ??? ??? ??? ??? ???
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.
44 CVE-2019-17583 DoS 2019-10-14 2019-10-15
0.0
None ??? ??? ??? ??? ??? ???
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
45 CVE-2019-17532 DoS 2019-10-12 2019-10-15
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.
46 CVE-2019-17450 674 DoS 2019-10-10 2019-10-15
4.3
None Remote Medium Not required None None Partial
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
47 CVE-2019-17414 DoS 2019-10-09 2019-10-09
0.0
None ??? ??? ??? ??? ??? ???
tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL.
48 CVE-2019-17362 125 DoS 2019-10-08 2019-10-15
6.4
None Remote Low Not required Partial None Partial
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
49 CVE-2019-17351 400 DoS 2019-10-07 2019-10-11
4.9
None Local Low Not required None None Complete
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.
50 CVE-2019-17350 835 DoS 2019-10-07 2019-10-11
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.
Total number of vulnerabilities : 919   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.