CVE-2019-11287

MEDIUM Year: 2019
CVSS v3 Score
4.5
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-400
View all →

Vulnerability Description

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Related Vulnerabilities

CVE-2018-17977

MEDIUM
CVSS:4.4(Medium)

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumpti...

CWE-4002018

CVE-2019-10636

MEDIUM
CVSS:4.6(Medium)

Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS10...

CWE-4002019

CVE-2021-0008

MEDIUM
CVSS:4.4(Medium)

Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denia...

CWE-4002021

CVE-2021-0092

MEDIUM
CVSS:4.4(Medium)

Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.

CWE-4002021

CVE-2022-0353

MEDIUM
CVSS:4.4(Medium)

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrativ...

CWE-4002022

CVE-2022-3698

MEDIUM
CVSS:4.4(Medium)

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrativ...

CWE-4002022