Total
3900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20739 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker.
|
|||||
| CVE-2019-20734 | 1 Netgear | 50 D6220, D6220 Firmware, D8500 and 47 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6300v2 before 1.0.4.18, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6700v3 before 1.0.2.32, R6900 before ...
Show More |
|||||
| CVE-2019-20731 | 1 Netgear | 60 D6220, D6220 Firmware, D6400 and 57 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.20, R6300v2 before 1.0.4.18, R6400v2 before 1.0.2.52, R6700 before 1.0.1 ...
Show More |
|||||
| CVE-2019-20728 | 1 Netgear | 76 D6400, D6400 Firmware, D7000 and 73 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1. ...
Show More |
|||||
| CVE-2019-20719 | 1 Netgear | 30 D6220, D6220 Firmware, D6400 and 27 more | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
|
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 before 1.0.4.34, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R7000P before 1.4.1.30, R7100LG before 1.0.0.48, R7300DST before 1.0.0.68, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.
|
|||||
| CVE-2019-20712 | 1 Netgear | 48 D6220, D6220 Firmware, D6400 and 45 more | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
|
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.52, R7300DST before ...
Show More |
|||||
| CVE-2019-20699 | 1 Netgear | 14 Gs105e, Gs105e Firmware, Gs105pe and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15.
|
|||||
| CVE-2019-20686 | 1 Netgear | 28 D6200, D6200 Firmware, D7000 and 25 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.40, R6080 before 1.0.0.40, R6050 before 1.0.1.18, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, and WNR2020 before 1.1.0.62.
|
|||||
| CVE-2019-20657 | 1 Netgear | 30 D6200, D6200 Firmware, D7000 and 27 more | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
|
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62.
|
|||||
| CVE-2019-20578 | 2 Google, Samsung | 2 Android, Exynos 9820 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A Buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019).
|
|||||
| CVE-2019-20572 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. load_kernel has a buffer overflow via untrusted data. The Samsung ID is SVE-2019-14939 (September 2019).
|
|||||
| CVE-2019-20562 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with P(9.0) (with TEEGRIS) software. There is a buffer overflow in the BIOSUB Trustlet. The Samsung ID is SVE-2019-15264 (October 2019).
|
|||||
| CVE-2019-20558 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019).
|
|||||
| CVE-2019-20548 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with P(9.0) devices (Qualcomm chipsets) software. There is a buffer overflow in the bootloader. The Samsung ID is SVE-2019-15399 (November 2019).
|
|||||
| CVE-2019-20545 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 (November 2019).
|
|||||
| CVE-2019-20502 | 1 Echatserver | 1 Easy Chat Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.
|
|||||
| CVE-2019-20427 | 1 Lustre | 1 Lustre | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
|
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.
|
|||||
| CVE-2019-20423 | 1 Lustre | 1 Lustre | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.
|
|||||
| CVE-2019-20082 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.
|
|||||
| CVE-2019-19917 | 3 Fedoraproject, Lout Project, Opensuse | 4 Fedora, Lout, Backports Sle and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
|
|||||
| CVE-2019-19907 | 1 Kopano | 1 Groupware Core | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.
|
|||||
| CVE-2019-19905 | 1 Nethack | 1 Nethack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.
|
|||||
| CVE-2019-19782 | 1 Labf | 1 Aceaxe Plus | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.
|
|||||
| CVE-2019-19494 | 4 Compal, Netgear, Sagemcom and 1 more | 14 7284e, 7284e Firmware, 7486e and 11 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor ...
Show More |
|||||
| CVE-2019-19489 | 2 Microsoft, Smplayer | 2 Windows, Smplayer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.
|
|||||
| CVE-2019-19383 | 1 Freeftpd | 1 Freeftpd | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).
|
|||||
| CVE-2019-19215 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
|
A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.
|
|||||
| CVE-2019-19196 | 1 Telink-semi | 10 Tlsr8232, Tlsr8232 Ble Sdk, Tlsr8251 and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an attacker in radio range to cause a buffer overflow and denial of service (crash) via crafted packets.
|
|||||
| CVE-2019-18960 | 1 Amazon | 1 Firecracker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.
|
|||||
| CVE-2019-18931 | 1 Western Digital | 2 My Cloud Ex2 Ultra, My Cloud Ex2 Ultra Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
|
|||||
| CVE-2019-18858 | 1 Codesys | 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
|
|||||
| CVE-2019-18397 | 2 Debian, Gnu | 2 Debian Linux, Fribidi | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout ...
Show More |
|||||
| CVE-2019-17666 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
|
|||||
| CVE-2019-17520 | 1 Ti | 2 Cc2640r2, Cc2640r2 Software Development Kit | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.
|
|||||
| CVE-2019-17519 | 1 Nxp | 9 Kw31z, Kw34, Kw35 and 6 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.
|
|||||
| CVE-2019-17518 | 1 Dialog-semiconductor | 5 Da14680, Da14681, Da14682 and 2 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock.
|
|||||
| CVE-2019-17517 | 1 Dialog-semiconductor | 5 Da14580, Da14581, Da14582 and 2 more | 2024-11-21 | 6.1 MEDIUM | 5.7 MEDIUM |
|
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet.
|
|||||
| CVE-2019-17415 | 1 Upredsun | 1 File Sharing Wizard | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331.
|
|||||
| CVE-2019-17402 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
|
|||||
| CVE-2019-17320 | 1 Netsarang | 1 Xftp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename.
|
|||||