CVE-2019-12693

MEDIUM Year: 2019
CVSS v3 Score
6.8
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-704
View all →

Vulnerability Description

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.

Related Vulnerabilities

CVE-2022-21786

MEDIUM
CVSS:6.7(Medium)

In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...

CWE-7042022

CVE-2017-0607

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-7042017

CVE-2018-12793

MEDIUM
CVSS:6.5(Medium)

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbi...

CWE-7042018

CVE-2018-3843

MEDIUM
CVSS:6.5(Medium)

An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object ...

CWE-7042018

CVE-2025-20072

MEDIUM
CVSS:6.5(Medium)

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted mali...

CWE-7042025

CVE-2025-21088

MEDIUM
CVSS:6.5(Medium)

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which a...

CWE-7042025