Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20429 | 1 Lustre | 1 Lustre | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2.
|
|||||
| CVE-2019-20428 | 1 Lustre | 1 Lustre | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
|
|||||
| CVE-2019-20387 | 2 Debian, Opensuse | 2 Debian Linux, Libsolv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.
|
|||||
| CVE-2019-20367 | 4 Canonical, Debian, Freedesktop and 1 more | 4 Ubuntu Linux, Debian Linux, Libbsd and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
|
|||||
| CVE-2019-20352 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
|
|||||
| CVE-2019-20219 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.
|
|||||
| CVE-2019-20200 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
|
|||||
| CVE-2019-20199 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
|
|||||
| CVE-2019-20089 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation.
|
|||||
| CVE-2019-20088 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c.
|
|||||
| CVE-2019-20087 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature.
|
|||||
| CVE-2019-20086 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c.
|
|||||
| CVE-2019-20020 | 1 Matio Project | 1 Matio | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17.
|
|||||
| CVE-2019-20018 | 1 Matio Project | 1 Matio | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17.
|
|||||
| CVE-2019-20017 | 1 Matio Project | 1 Matio | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.
|
|||||
| CVE-2019-20011 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
|
|||||
| CVE-2019-20005 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
|
|||||
| CVE-2019-1996 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066.
|
|||||
| CVE-2019-1853 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 5.0 MEDIUM | 4.8 MEDIUM |
|
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected sy ...
Show More |
|||||
| CVE-2019-1798 | 1 Clamav | 1 Clamav | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Sof ...
Show More |
|||||
| CVE-2019-1789 | 1 Clamav | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
|
|||||
| CVE-2019-1787 | 3 Clamav, Debian, Opensuse | 3 Clamav, Debian Linux, Leap | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected de ...
Show More |
|||||
| CVE-2019-1786 | 1 Clamav | 1 Clamav | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected ...
Show More |
|||||
| CVE-2019-1481 | 1 Microsoft | 1 Windows 7 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480.
|
|||||
| CVE-2019-1480 | 1 Microsoft | 1 Windows 7 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1481.
|
|||||
| CVE-2019-1466 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467.
|
|||||
| CVE-2019-1465 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467.
|
|||||
| CVE-2019-1432 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1411.
|
|||||
| CVE-2019-1412 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'.
|
|||||
| CVE-2019-1411 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432.
|
|||||
| CVE-2019-1361 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.
|
|||||
| CVE-2019-1347 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
|
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.
|
|||||
| CVE-2019-1346 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
|
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.
|
|||||
| CVE-2019-1345 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.
|
|||||
| CVE-2019-1344 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.
|
|||||
| CVE-2019-19977 | 1 Libesmtp Project | 1 Libesmtp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
|
|||||
| CVE-2019-19957 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength.
|
|||||
| CVE-2019-19953 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
|
|||||
| CVE-2019-19949 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
|
|||||
| CVE-2019-19945 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.
|
|||||