Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17260 | 1 Mpc-hc | 1 Mpc-hc | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e.
|
|||||
| CVE-2019-17138 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage ...
Show More |
|||||
| CVE-2019-17136 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this ...
Show More |
|||||
| CVE-2019-17040 | 1 Rsyslog | 1 Rsyslog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.
|
|||||
| CVE-2019-16748 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
|
|||||
| CVE-2019-16705 | 1 Libming | 1 Libming | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.
|
|||||
| CVE-2019-16675 | 1 Phoenixcontact | 3 Config\+, Pc Worx, Pc Worx Express | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation.
|
|||||
| CVE-2019-16465 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
|
|||||
| CVE-2019-16461 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
|
|||||
| CVE-2019-16458 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
|
|||||
| CVE-2019-16457 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
|
|||||
| CVE-2019-16456 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
|
|||||
| CVE-2019-16449 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
|
|||||
| CVE-2019-16411 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.
|
|||||
| CVE-2019-16410 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking.
|
|||||
| CVE-2019-16249 | 1 Opencv | 1 Opencv | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
|
|||||
| CVE-2019-16166 | 1 Gnu | 1 Cflow | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
|
|||||
| CVE-2019-16162 | 1 K-takata | 1 Onigmo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c.
|
|||||
| CVE-2019-16139 | 1 Compact Arena Project | 1 Compact Arena | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.
|
|||||
| CVE-2019-16115 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
|
|||||
| CVE-2019-16098 | 1 Msi | 1 Afterburner | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
|
|||||
| CVE-2019-16095 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.
|
|||||
| CVE-2019-16094 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
|
|||||
| CVE-2019-16091 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.
|
|||||
| CVE-2019-15927 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.
|
|||||
| CVE-2019-15926 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
|
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
|
|||||
| CVE-2019-15925 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.
|
|||||
| CVE-2019-15918 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
|
|||||
| CVE-2019-15699 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.
|
|||||
| CVE-2019-15682 | 1 Rdesktop | 1 Rdesktop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5
|
|||||
| CVE-2019-15666 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
|
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.
|
|||||
| CVE-2019-15664 | 1 Killernetworking | 1 Killer Control Center | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 2 of 2).
|
|||||
| CVE-2019-15663 | 1 Killernetworking | 1 Killer Control Center | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that can be used as part of a chain to escalate privileges (issue 1 of 2).
|
|||||
| CVE-2019-15662 | 1 Killernetworking | 1 Killer Control Center | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive that can be used as part of a chain to escalate privileges.
|
|||||
| CVE-2019-15651 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
|
|||||
| CVE-2019-15550 | 1 Simdjson Project | 1 Simdjson | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary.
|
|||||
| CVE-2019-15531 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libextractor | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
|
|||||
| CVE-2019-15505 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
|
|||||
| CVE-2019-15147 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.
|
|||||
| CVE-2019-15146 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.
|
|||||