CWE-19
61 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-19page 1 of 2
- CVE-2006-7254MEDIUMCVSS 5.5EG 5.52019-04-10
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
- CVE-2009-5155HIGHCVSS 7.5EG 7.52019-02-26
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by …
- CVE-2014-10039CRITICALCVSS 9.8EG 9.82018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older …
- CVE-2015-0203MEDIUMCVSS 6.5EG 6.52018-02-21
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-…
- CVE-2015-9137HIGHCVSS 7.5EG 7.52018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410…
- CVE-2015-9166HIGHCVSS 7.5EG 7.52018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, S…
- CVE-2016-1000340HIGHCVSS 7.5EG 7.52018-06-04
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by ou…
- CVE-2016-10429HIGHCVSS 7.5EG 7.52018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM890…
- CVE-2016-10455HIGHCVSS 7.5EG 7.52018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410…
- CVE-2017-6920CRITICALCVSS 9.8EG 9.82018-08-06
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
- CVE-2018-0157HIGHCVSS 8.6EG 8.62018-03-28
A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. …
- CVE-2018-0177HIGHCVSS 7.5EG 7.52018-03-28
A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, trace…
- CVE-2018-0203MEDIUMCVSS 5.3EG 5.32018-02-22
A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain informa…
- CVE-2018-0455HIGHCVSS 7.5EG 7.52018-10-05
A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system me…
- CVE-2018-0485HIGHCVSS 8.6EG 8.62018-10-05
A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Route…
- CVE-2018-4329HIGHCVSS 7.5EG 7.52019-04-03
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.
- CVE-2018-5915CRITICALCVSS 9.8EG 9.82019-01-18
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD…
- CVE-2018-6091MEDIUMCVSS 6.5EG 6.52019-01-09
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2018-6097MEDIUMCVSS 6.5EG 6.52019-01-09
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
- CVE-2018-6100MEDIUMCVSS 6.5EG 6.52019-01-09
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2018-6106HIGHCVSS 8.8EG 8.82019-01-09
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
- CVE-2018-6133MEDIUMCVSS 6.5EG 6.52019-01-09
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2018-6332MEDIUMCVSS 5.9EG 5.92018-12-03
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the…
- CVE-2019-0013MEDIUMCVSS 6.5EG 7.52019-01-15
The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This…
- CVE-2019-0014HIGHCVSS 7.5EG 7.52019-01-15
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeated…
- CVE-2019-0089MEDIUMCVSS 6.7EG 6.72019-05-17
Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable es…
- CVE-2019-0548HIGHCVSS 7.5EG 7.52019-01-08
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.
- CVE-2019-0564HIGHCVSS 7.5EG 7.52019-01-08
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
- CVE-2019-0630HIGHCVSS 8.8EG 8.82019-03-05
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633.
- CVE-2019-0633HIGHCVSS 8.8EG 8.82019-03-05
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630.
- CVE-2019-0801HIGHCVSS 7.8EG 7.82019-04-09
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel …
- CVE-2019-0811HIGHCVSS 7.5EG 7.52019-07-15
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'.
- CVE-2019-0815HIGHCVSS 7.5EG 7.52019-04-09
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
- CVE-2019-0817MEDIUMCVSS 5.4EG 5.42019-04-09
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.
- CVE-2019-0941MEDIUMCVSS 4.4EG 4.42019-06-12
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages…
- CVE-2019-0945HIGHCVSS 7.8EG 7.82019-05-16
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is u…
- CVE-2019-0946HIGHCVSS 7.8EG 7.82019-05-16
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is u…
- CVE-2019-0947HIGHCVSS 7.8EG 7.82019-05-16
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is u…
- CVE-2019-0980HIGHCVSS 7.5EG 7.52019-05-16
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
- CVE-2019-0981HIGHCVSS 7.5EG 7.52019-05-16
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
- CVE-2019-0982HIGHCVSS 7.5EG 7.52019-05-16
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
- CVE-2019-10477HIGHCVSS 7.5EG 7.52019-03-29
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.
- CVE-2019-1083HIGHCVSS 7.5EG 7.52019-07-15
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.
- CVE-2019-11070MEDIUMCVSS 5.3EG 5.32019-04-10
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by…
- CVE-2019-12828HIGHCVSS 8.8EG 8.82019-06-14
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code …
- CVE-2019-13624CRITICALCVSS 9.8EG 9.82019-07-17
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
- CVE-2019-13917CRITICALCVSS 9.8EG 9.82019-07-25
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
- CVE-2019-14794HIGHCVSS 7.5EG 7.52019-08-09
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.
- CVE-2019-3554MEDIUMCVSS 5.9EG 5.92019-01-15
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.…
- CVE-2019-4236MEDIUMCVSS 4.4EG 4.42019-07-22
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the obje…
Map vulnerabilities like CWE-19 to your infrastructure
EchelonGraph correlates every CVE — across CWE-19 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →