Filtered by CWE-19
Filtered by vendor Subscriptions
Total 232 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-9194 1 Arbiter 1 1094b Gps Substation Clock 2025-07-29 N/A
Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.
CVE-2019-0941 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-05-20 4.4 Medium
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To exploit this vulnerability, an attacker could send a specially crafted request to a page utilizing request filtering. The update addresses the vulnerability by changing the way certain requests are processed by the filter.
CVE-2016-1000340 2 Bouncycastle, Redhat 4 Bc-java, Jboss Fuse, Satellite and 1 more 2025-05-12 N/A
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
CVE-2018-6332 1 Facebook 1 Hhvm 2025-05-06 5.9 Medium
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.
CVE-2016-9252 1 F5 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more 2025-04-20 N/A
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.
CVE-2015-8985 1 Gnu 1 Glibc 2025-04-20 5.9 Medium
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
CVE-2016-6765 1 Google 1 Android 2025-04-20 N/A
A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945.
CVE-2016-5225 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.
CVE-2016-9650 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.
CVE-2016-4925 1 Juniper 1 Junose 2025-04-20 N/A
Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue.
CVE-2016-3091 1 Cloud Foundry 1 Diego 2025-04-20 N/A
Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.
CVE-2016-0761 2 Cloudfoundry, Pivotal Software 2 Garden Linux, Cloud Foundry Elastic Runtime 2025-04-20 9.8 Critical
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
CVE-2015-1838 2 Fedoraproject, Saltstack 2 Fedora, Salt 2025-04-20 N/A
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2016-9305 1 Autodesk 1 Fbx Software Development Kit 2025-04-20 N/A
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
CVE-2016-5214 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.
CVE-2016-6286 1 Call-cc 1 Http-client 2025-04-20 N/A
The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). This affects all versions of spiffy-cgi-handlers before 0.5.
CVE-2016-6287 1 Call-cc 1 Http-client 2025-04-20 N/A
The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as a "httpoxy" attack). This affects all versions of http-client before 0.10.
CVE-2016-2783 1 Avaya 1 Vsp Operating System Software 2025-04-20 N/A
Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.
CVE-2012-5358 1 Ektron 1 Ektron Content Management System 2025-04-20 N/A
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
CVE-2016-7540 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.