Show filters
263 Total Results
Displaying 141-150 of 263
Sort by:
Attacker Value
Unknown

CVE-2020-11655

Disclosure Date: April 09, 2020 (last updated February 21, 2025)
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Attacker Value
Unknown

CVE-2020-7595

Disclosure Date: January 21, 2020 (last updated February 21, 2025)
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
Attacker Value
Unknown

CVE-2019-19956

Disclosure Date: December 24, 2019 (last updated November 08, 2023)
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
Attacker Value
Unknown

CVE-2019-17498

Disclosure Date: October 21, 2019 (last updated November 08, 2023)
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
Attacker Value
Unknown

CVE-2019-5506

Disclosure Date: October 09, 2019 (last updated November 27, 2024)
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
Attacker Value
Unknown

CVE-2019-16168

Disclosure Date: September 09, 2019 (last updated November 08, 2023)
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Attacker Value
Unknown

CVE-2019-9517

Disclosure Date: August 13, 2019 (last updated January 15, 2025)
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
Attacker Value
Unknown

CVE-2019-13115

Disclosure Date: July 16, 2019 (last updated November 08, 2023)
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
Attacker Value
Unknown

CVE-2019-11815

Disclosure Date: May 08, 2019 (last updated November 27, 2024)
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
Attacker Value
Unknown

CVE-2018-20836

Disclosure Date: May 07, 2019 (last updated November 27, 2024)
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.