Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13282 | 2 Fedoraproject, Glyphandcog | 2 Fedora, Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
|
|||||
| CVE-2019-13222 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.
|
|||||
| CVE-2019-13120 | 1 Amazon | 1 Amazon Web Services Freertos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which interacts with an associated vulnerable MQTT message in the application, specific circumstances could trigger this vulnerability.
|
|||||
| CVE-2019-13115 | 5 Debian, F5, Fedoraproject and 2 more | 7 Debian Linux, Traffix Systems Signaling Delivery Controller, Fedora and 4 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8 ...
Show More |
|||||
| CVE-2019-13110 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.
|
|||||
| CVE-2019-13067 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
|
|||||
| CVE-2019-12972 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Binutils, Leap | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
|
|||||
| CVE-2019-12958 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.
|
|||||
| CVE-2019-12957 | 2 Fedoraproject, Glyphandcog | 2 Fedora, Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
|
|||||
| CVE-2019-12897 | 1 Edrawsoft | 1 Edraw Max | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModule!Paint::Clear+0x0000000000000074.
|
|||||
| CVE-2019-12894 | 1 Alternate-tools | 1 Alternate Pic View | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b.
|
|||||
| CVE-2019-12869 | 1 Phoenixcontact | 1 Automationworx Software Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation ...
Show More |
|||||
| CVE-2019-12790 | 1 Radare | 1 Radare2 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.
|
|||||
| CVE-2019-12750 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
|
|||||
| CVE-2019-12727 | 1 Ui | 2 Aircam, Aircam Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers.
|
|||||
| CVE-2019-12555 | 1 Sweetscape | 1 010 Editor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.
|
|||||
| CVE-2019-12554 | 1 Sweetscape | 1 010 Editor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.
|
|||||
| CVE-2019-12529 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being de ...
Show More |
|||||
| CVE-2019-12515 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.
|
|||||
| CVE-2019-12493 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.
|
|||||
| CVE-2019-12480 | 1 Bacnet Protocol Stack Project | 1 Bacnet Protocol Stack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.
|
|||||
| CVE-2019-12360 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
|
|||||
| CVE-2019-12293 | 1 Freedesktop | 1 Poppler | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
|
|||||
| CVE-2019-12222 | 1 Libsdl | 1 Simple Directmedia Layer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.
|
|||||
| CVE-2019-12220 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.
|
|||||
| CVE-2019-12214 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
|
|||||
| CVE-2019-12207 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
|
|||||
| CVE-2019-12198 | 1 Gohttp Project | 1 Gohttp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
|
|||||
| CVE-2019-12159 | 1 Gohttp Project | 1 Gohttp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL.
|
|||||
| CVE-2019-12083 | 3 Fedoraproject, Opensuse, Rust-lang | 3 Fedora, Leap, Rust | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
|
|||||
| CVE-2019-11935 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
|
|||||
| CVE-2019-11934 | 1 Facebook | 1 Folly | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.
|
|||||
| CVE-2019-11926 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.
|
|||||
| CVE-2019-11925 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.
|
|||||
| CVE-2019-11852 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 6.4 MEDIUM | 3.7 LOW |
|
An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
|
|||||
| CVE-2019-11823 | 1 Synology | 1 Router Manager | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
|
|||||
| CVE-2019-11766 | 2 Debian, Dhcpcd Project | 2 Debian Linux, Dhcpcd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
|
|||||
| CVE-2019-11638 | 1 Gnu | 1 Recutils | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
|
|||||
| CVE-2019-11637 | 1 Gnu | 1 Recutils | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.
|
|||||
| CVE-2019-11598 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
|
|||||