CWE:

	Topic	Date	Author
Med.	ZyXEL P-660HW UDP fragmentation Denial of Service	12.01.2018	Hosein Askari
Med.	ZyXEL TTL Expiry Denial of Service	25.12.2017	Hosein Askari
Low	Android Private Internet Access Denial Of Service	30.10.2017	nightwatchcybersecurit...
Low	libgedit.a mishandling NUL Blocks in gedit(GNOME text editor)	02.09.2017	Hosein Askari
Low	Trihedral VTScada DoS / XSS / Information Disclosure	01.07.2017	Karn Ganeshen
Med.	MikroTik UDP Flood Denial of Service	10.05.2017	Hosein Askari
Med.	BackBox OS Denial Of Service(CPU Consumption)	01.04.2017	Hosein Askari(FarazPaj...
Med.	MikroTik RouterBoard V-6.38.5 Denial Of Service | CPU Consumption	28.03.2017	Hosein Askari (FarazPa...
Med.	Android Qualcomm GPS/GNSS Man-In-The-Middle	12.10.2016	Yakov Shafranovich
Low	Open-Xchange App Suite 7.8.1 Information Disclosure	23.06.2016	Martin Heiland
Med.	SAP Afaria 7 XcListener DoS in the module XeClient.Dll	19.06.2015	Vahagn Vardanyan
Med.	XMPP-Layer Compression Uncontrolled Resource Consumption	06.04.2014	Giancarlo Pellegrino
Low	Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit	06.05.2012	condis

---

CVEMAP Search Results

CVE

Details

Description

2020-04-07

Medium

CVE-2019-17657

Vendor: Fortinet Software: Fortianalyzer

An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.

2020-04-04

Medium

CVE-2020-5347

Vendor: DELL Software: Emc isilon onefs

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

2020-04-03

Medium

CVE-2019-18904

Updating...

A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.

2020-04-01

Low	CVE-2019-11254	Vendor: Kubernetes Software: Kubernetes	The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
High	CVE-2020-3899	Vendor: Apple Software: Icloud	A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

2020-03-30

Medium

CVE-2020-5527

Updating...

When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.

2020-03-27

Medium

CVE-2020-10954

Vendor: Gitlab Software: Gitlab

GitLab through 12.9 is affected by a potential DoS in repository archive download.

2020-03-24

Medium	CVE-2020-6080	Vendor: Videolabs Software: Libmicrodns	An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6].
Medium	CVE-2019-20612	Vendor: Google Software: Android	An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019).
Medium	CVE-2020-6079	Vendor: Videolabs Software: Libmicrodns	An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.

 

---

Copyright 2020, cxsecurity.com