How severe is CVE-2019-5892?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-5892?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2019-5892

MEDIUM Year: 2019

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-436

View all →

Vulnerability Description

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed.

CVE-2022-0011

MEDIUM

CVSS:6.5(Medium)

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL categ...

CWE-4362022

CVE-2022-29254

MEDIUM

CVSS:6.5(Medium)

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), i...

CWE-4362022

CVE-2023-29406

MEDIUM

CVSS:6.5(Medium)

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses t...

CWE-4362023

CVE-2023-30536

MEDIUM

CVSS:6.5(Medium)

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that...

CWE-4362023

CVE-2024-24753

MEDIUM

CVSS:6.5(Medium)

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two head...

CWE-4362024

CVE-2023-39481

MEDIUM

CVSS:6.6(Medium)

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing...

CWE-4362023

CVE-2019-5892

Vulnerability Description

Related Vulnerabilities

CVE-2022-0011

CVE-2022-29254

CVE-2023-29406

CVE-2023-30536

CVE-2024-24753

CVE-2023-39481