Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12893 | 1 Alternate-tools | 1 Alternate Pic View | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.
|
|||||
| CVE-2019-12835 | 1 Leanify Project | 1 Leanify | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
|
|||||
| CVE-2019-12829 | 1 Radare | 1 Radare2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.
|
|||||
| CVE-2019-12827 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
|
|||||
| CVE-2019-12817 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.
|
|||||
| CVE-2019-12810 | 2 Estsoft, Microsoft | 2 Alsee, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.
|
|||||
| CVE-2019-12807 | 2 Estsoft, Microsoft | 2 Alzip, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
|
|||||
| CVE-2019-12806 | 2 Crosscert, Microsoft | 2 Unisign, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.
|
|||||
| CVE-2019-12788 | 1 Photodex | 1 Proshow Producer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
|
|||||
| CVE-2019-12568 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.
|
|||||
| CVE-2019-12567 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.
|
|||||
| CVE-2019-12553 | 1 Sweetscape | 1 010 Editor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
|
|||||
| CVE-2019-12551 | 1 Sweetscape | 1 010 Editor | 2024-11-21 | 5.8 MEDIUM | 5.5 MEDIUM |
|
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
|
|||||
| CVE-2019-12527 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
|
|||||
| CVE-2019-12526 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.
|
|||||
| CVE-2019-12525 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
|
|||||
| CVE-2019-12521 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while pr ...
Show More |
|||||
| CVE-2019-12519 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
|
|||||
| CVE-2019-12495 | 1 Tinycc | 1 Tinycc | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches.
|
|||||
| CVE-2019-12325 | 1 Htek | 2 Uc902, Uc902 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.
|
|||||
| CVE-2019-12323 | 1 Hostingcontroller | 1 Hc10 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.
|
|||||
| CVE-2019-12298 | 1 Leanify Project | 1 Leanify | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified input file.
|
|||||
| CVE-2019-12266 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2024-11-21 | 10.0 HIGH | 7.6 HIGH |
|
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
|
|||||
| CVE-2019-12263 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
|
|||||
| CVE-2019-12221 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
|
|||||
| CVE-2019-12216 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
|
|||||
| CVE-2019-12211 | 2 Canonical, Freeimage Project | 2 Ubuntu Linux, Freeimage | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
|
|||||
| CVE-2019-12208 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
|
|||||
| CVE-2019-12206 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
|
|||||
| CVE-2019-12158 | 1 Gohttp Project | 1 Gohttp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.
|
|||||
| CVE-2019-12083 | 3 Fedoraproject, Opensuse, Rust-lang | 3 Fedora, Leap, Rust | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
|
|||||
| CVE-2019-11957 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-11933 | 2 Libpl Droidsonroids Gif Project, Whatsapp | 2 Libpl Droidsonroids Gif, Whatsapp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.
|
|||||
| CVE-2019-11931 | 1 Whatsapp | 3 Whatsapp, Whatsapp Business, Whatsapp Enterprise Client | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
|
|||||
| CVE-2019-11921 | 1 Facebook | 1 Proxygen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00.
|
|||||
| CVE-2019-11873 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains t ...
Show More |
|||||
| CVE-2019-11868 | 1 Softether | 1 See.sys | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.
|
|||||
| CVE-2019-11850 | 1 Sierrawireless | 7 Airlink Lx40, Airlink Lx60, Airlink Mp70 and 4 more | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
|
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution
|
|||||
| CVE-2019-11849 | 1 Sierrawireless | 7 Airlink Lx40, Airlink Lx60, Airlink Mp70 and 4 more | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
|
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.
|
|||||
| CVE-2019-11848 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 6.5 MEDIUM | 4.1 MEDIUM |
|
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
|
|||||