Filtered by vendor
Subscriptions
Total
232 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-0014 | 1 Juniper | 17 Junos, Ptx1000, Ptx10002 and 14 more | 2024-11-21 | N/A |
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100. | ||||
CVE-2019-0013 | 1 Juniper | 1 Junos | 2024-11-21 | N/A |
The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D77; 15.1 versions prior to 15.1F6-S10, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R7; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R2-S3, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2. | ||||
CVE-2018-6332 | 1 Facebook | 1 Hhvm | 2024-11-21 | N/A |
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests. | ||||
CVE-2018-6133 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
CVE-2018-6106 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||||
CVE-2018-6100 | 4 Apple, Debian, Google and 1 more | 7 Mac Os X, Debian Linux, Chrome and 4 more | 2024-11-21 | N/A |
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||||
CVE-2018-6097 | 4 Apple, Debian, Google and 1 more | 7 Macos, Debian Linux, Chrome and 4 more | 2024-11-21 | N/A |
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. | ||||
CVE-2018-6091 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
CVE-2018-5915 | 1 Qualcomm | 42 Mdm9607, Mdm9607 Firmware, Mdm9640 and 39 more | 2024-11-21 | N/A |
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130 | ||||
CVE-2018-4329 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | N/A |
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. | ||||
CVE-2017-6920 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. | ||||
CVE-2016-9650 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. | ||||
CVE-2016-9305 | 1 Autodesk | 1 Fbx Software Development Kit | 2024-11-21 | N/A |
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers. | ||||
CVE-2016-9252 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2024-11-21 | N/A |
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. | ||||
CVE-2016-9149 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | ||||
CVE-2016-8660 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." | ||||
CVE-2016-8226 | 1 Lenovo | 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more | 2024-11-21 | N/A |
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | ||||
CVE-2016-7987 | 1 Siemens | 8 Eta2 Firmware, Eta4 Firmware, Sicam Ak and 5 more | 2024-11-21 | N/A |
An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode. A cold start might be required to recover the system, a Denial-of-Service Vulnerability. | ||||
CVE-2016-7540 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | ||||
CVE-2016-7395 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data. |