Total: 13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13298 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. |
| CVE-2019-13290 | 1 Artifex | 1 Mupdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node. |
| CVE-2019-13281 | 2 Fedoraproject, Glyphandcog | 2 Fedora, Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. |
| CVE-2019-13280 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled. |
| CVE-2019-13279 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. |
| CVE-2019-13276 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. |
| CVE-2019-13273 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. |
| CVE-2019-13255 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. |
| CVE-2019-13254 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808. |
| CVE-2019-13253 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474. |
| CVE-2019-13252 | 1 Acdsee | 1 Acdsee | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0. |
| CVE-2019-13251 | 1 Acdsee | 1 Acdsee | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff. |
| CVE-2019-13250 | 1 Acdsee | 1 Acdsee | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f. |
| CVE-2019-13249 | 1 Acdsee | 1 Acdsee | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a. |
| CVE-2019-13248 | 1 Acdsee | 1 Acdsee | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450. |
| CVE-2019-13247 | 1 Acdsee | 1 Acdsee | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed. |
| CVE-2019-13246 | 1 Faststone | 1 Image Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601. |
| CVE-2019-13245 | 1 Faststone | 1 Image Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1. |
| CVE-2019-13244 | 1 Faststone | 1 Image Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d. |
| CVE-2019-13243 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. |
| CVE-2019-13242 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. |
| CVE-2019-13221 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. |
| CVE-2019-13217 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. |
| CVE-2019-13207 | 1 Nlnetlabs | 1 Name Server Daemon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. |
| CVE-2019-13193 | 1 Brother | 600 Ads-2400n, Ads-2400n Firmware, Ads-2800w and 597 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. |
| CVE-2019-13192 | 1 Brother | 600 Ads-2400n, Ads-2400n Firmware, Ads-2800w and 597 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. |
| CVE-2019-13171 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. |
| CVE-2019-13156 | 1 Naver | 1 Cloud Explorer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. |
| CVE-2019-13132 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. |
| CVE-2019-13106 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-11-21 | 8.3 HIGH | 7.8 HIGH |
| Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. |
| CVE-2019-13104 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. |
| CVE-2019-13085 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa. |
| CVE-2019-13084 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739. |
| CVE-2019-13083 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a. |
| CVE-2019-12951 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow. |
| CVE-2019-12937 | 1 Toaruos Project | 1 Toaruos | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable. |
| CVE-2019-12899 | 1 Deltaww | 1 Devicenet Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3. |
| CVE-2019-12898 | 1 Deltaww | 1 Devicenet Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e. |
| CVE-2019-12896 | 1 Edrawsoft | 1 Edraw Max | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77. |
| CVE-2019-12895 | 1 Alternate-tools | 1 Alternate Pic View | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d. |