|
223531
|
7.5 |
HIGH
Network
|
bouncycastle
apache
netapp
oracle
|
legion-of-the-bouncy-castle-java-crytography-api
tomee
oncommand_workflow_automation
service_level_manager
oncommand_api_services
active_iq_unified_manager
flexcube_private_banking<…
|
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-17359
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223532
|
7.5 |
HIGH
Network
|
jfinal
|
jfinal
|
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-17352
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223533
|
4.9 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
|
CWE-89
SQL Injection
|
CVE-2019-17271
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223534
|
5.5 |
MEDIUM
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-17349
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223535
|
6.5 |
MEDIUM
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable…
|
CWE-20
Improper Input Validation
|
CVE-2019-17348
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223536
|
7.8 |
HIGH
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incom…
|
CWE-20
Improper Input Validation
|
CVE-2019-17347
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223537
|
8.8 |
HIGH
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) a…
|
CWE-20
Improper Input Validation
|
CVE-2019-17346
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223538
|
6.5 |
MEDIUM
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of…
|
NVD-CWE-noinfo
|
CVE-2019-17345
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223539
|
6.5 |
MEDIUM
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
|
CWE-662
Improper Synchronization
|
CVE-2019-17344
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223540
|
6.8 |
MEDIUM
Physics
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
|
CWE-667
Improper Locking
|
CVE-2019-17343
|
2024-11-21 13:32 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
