CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2019(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010312 DoS 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Over-read. The impact is: Disclosure of memory contents in an HTTP response, and Denial of Service. The component is: In function Util_urlDecode() on lines 1553 -1563 in Monit/src/util.c, a crafted POST parameter can cause the buffer index to increment to a value greater than the length of the buffer. The attack vector is: An authenticated remote attacker can exploit the vulnerability by sending a HTTP POST request that contains a maliciously crafted body parameter. The fixed version is: Version 5.25.3 and later.
2 CVE-2019-1010302 119 DoS Overflow 2019-07-15 2020-08-24
4.3
None Remote Medium Not required None None Partial
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.
3 CVE-2019-1010301 119 DoS Overflow 2019-07-15 2021-07-21
4.3
None Remote Medium Not required None None Partial
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
4 CVE-2019-1010279 347 DoS Bypass 2019-07-18 2019-08-01
5.0
None Remote Low Not required None None Partial
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
5 CVE-2019-1010266 770 DoS 2019-07-17 2020-09-30
4.0
None Remote Low ??? None None Partial
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
6 CVE-2019-1010262 749 DoS 2019-07-18 2019-07-19
5.0
None Remote Low Not required None None Partial
scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: _RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap. The fixed version is: after commit 0d7ae2b039f650a40e511d09eb961c782da025d9.
7 CVE-2019-1010251 20 DoS Bypass 2019-07-18 2019-07-23
5.0
None Remote Low Not required None None Partial
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2.
8 CVE-2019-1010239 754 DoS 2019-07-19 2021-07-21
5.0
None Remote Low Not required None None Partial
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.
9 CVE-2019-1010228 119 DoS Exec Code Overflow 2019-07-22 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.
10 CVE-2019-1010204 20 DoS 2019-07-23 2021-07-21
4.3
None Remote Medium Not required None None Partial
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
11 CVE-2019-1010183 674 DoS 2019-07-25 2020-08-24
4.3
None Remote Medium Not required None None Partial
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later.
12 CVE-2019-1010182 674 DoS 2019-07-25 2020-08-24
4.3
None Remote Medium Not required None None Partial
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later.
13 CVE-2019-1010177 416 DoS Exec Code 2019-07-24 2019-08-01
7.5
None Remote Low Not required Partial Partial Partial
Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit 48a66c798d.
14 CVE-2019-1010176 119 DoS Exec Code Overflow 2019-07-25 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0.
15 CVE-2019-1010173 617 DoS 2019-07-23 2020-08-24
5.0
None Remote Low Not required None None Partial
Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3.
16 CVE-2019-1010172 400 DoS 2019-07-25 2019-08-01
5.0
None Remote Low Not required None None Partial
Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39.
17 CVE-2019-1010171 476 DoS 2019-07-23 2019-07-23
5.0
None Remote Low Not required None None Partial
Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.
18 CVE-2019-1010170 416 DoS 2019-07-23 2019-07-23
5.0
None Remote Low Not required None None Partial
Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
19 CVE-2019-1010169 125 DoS 2019-07-23 2019-07-23
5.0
None Remote Low Not required None None Partial
Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
20 CVE-2019-1010163 119 DoS Exec Code Overflow 2019-07-24 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley).
21 CVE-2019-1010162 476 DoS Exec Code 2019-07-23 2019-10-09
4.3
None Remote Medium Not required None None Partial
jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77.
22 CVE-2019-1010156 287 DoS Bypass +Info 2019-07-23 2019-07-24
6.4
None Remote Low Not required Partial None Partial
D-Link DSL-2750U Firmware 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login form.
23 CVE-2019-1010155 DoS Bypass +Info 2019-07-23 2020-08-24
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage.
24 CVE-2019-1010142 835 DoS 2019-07-19 2020-08-24
5.0
None Remote Low Not required None None Partial
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work.
25 CVE-2019-1010129 416 DoS Exec Code 2019-07-23 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
VCFTools vcfools prior to version 0.1.15 is affected by: Heap Use-After-Free. The impact is: Denial of Service or possibly unspecified impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.
26 CVE-2019-1010127 416 DoS Exec Code 2019-07-25 2019-07-30
6.8
None Remote Medium Not required Partial Partial Partial
VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.
27 CVE-2019-1010083 DoS 2019-07-17 2020-08-24
5.0
None Remote Low Not required None None Partial
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
28 CVE-2019-1010069 119 DoS Overflow 2019-07-18 2020-08-24
4.3
None Remote Medium Not required None None Partial
moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae.
29 CVE-2019-1010057 119 DoS Exec Code Overflow 2019-07-16 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e.
30 CVE-2019-1010048 DoS Overflow 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file.
31 CVE-2019-1010044 119 DoS Exec Code Overflow 2019-07-15 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable.
32 CVE-2019-1010043 119 DoS Exec Code Overflow 2019-07-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation.
33 CVE-2019-1010039 119 DoS Exec Code Overflow 2019-07-15 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line.
34 CVE-2019-1010038 119 DoS Exec Code Overflow 2019-07-15 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable.
35 CVE-2019-1010017 91 DoS 2019-07-15 2019-07-17
5.0
None Remote Low Not required None None Partial
libnmap < v0.6.3 is affected by: XML Injection. The impact is: Denial of service (DoS) by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
36 CVE-2019-1010011 DoS Overflow 2019-07-14 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
moinejf abcm2ps 8.13.16 and after is affected by: CWE-121: Stack-based Buffer Overflow. The impact is: This vulnerability allows remote attackers to cause a denial of service via a crafted file. The component is: parse.c / function: get_key and music.c/ function: delayed_output.
37 CVE-2019-1010004 125 DoS 2019-07-15 2019-08-02
4.3
None Remote Medium Not required None None Partial
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
38 CVE-2019-1003022 352 DoS 2019-02-06 2019-10-09
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.
39 CVE-2019-1003015 611 DoS 2019-02-06 2019-10-09
6.4
None Remote Low Not required Partial None Partial
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc.
40 CVE-2019-1003011 674 DoS 2019-02-06 2020-09-29
5.5
None Remote Low ??? Partial None Partial
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
41 CVE-2019-1002100 770 DoS 2019-04-01 2020-08-24
4.0
None Remote Low ??? None None Partial
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.
42 CVE-2019-1000019 125 DoS 2019-02-04 2019-11-06
4.3
None Remote Medium Not required None None Partial
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
43 CVE-2019-1000016 129 DoS 2019-02-04 2019-02-06
4.3
None Remote Medium Not required None None Partial
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.
44 CVE-2019-1000007 19 DoS 2019-02-04 2021-07-21
5.8
None Remote Medium Not required None Partial Partial
aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3.
45 CVE-2019-20096 401 DoS 2019-12-30 2020-08-24
4.9
None Local Low Not required None None Complete
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
46 CVE-2019-20095 772 DoS 2019-12-30 2021-07-21
4.9
None Local Low Not required None None Complete
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
47 CVE-2019-20093 476 DoS 2019-12-30 2020-01-26
4.3
None Remote Medium Not required None None Partial
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.
48 CVE-2019-20051 682 DoS 2019-12-27 2020-02-03
4.3
None Remote Medium Not required None None Partial
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
49 CVE-2019-19996 20 DoS 2019-12-26 2021-07-21
7.8
None Remote Low Not required None None Complete
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
50 CVE-2019-19966 416 DoS 2019-12-25 2020-03-13
2.1
None Local Low Not required None None Partial
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
Total number of vulnerabilities : 1342   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.