Total
12074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10164 | 4 Fedoraproject, Opensuse, Postgresql and 1 more | 4 Fedora, Leap, Postgresql and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account. | |||||
| CVE-2019-10126 | 6 Canonical, Debian, Linux and 3 more | 26 Ubuntu Linux, Debian Linux, Linux Kernel and 23 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. | |||||
| CVE-2019-10122 | 1 Eq-3 | 4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution. | |||||
| CVE-2019-10097 | 2 Apache, Oracle | 8 Http Server, Communications Element Manager, Communications Session Report Manager and 5 more | 2024-11-21 | 6.0 MEDIUM | 7.2 HIGH |
| In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. | |||||
| CVE-2019-10081 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. | |||||
| CVE-2019-10056 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction. | |||||
| CVE-2019-1010301 | 3 Debian, Fedoraproject, Jhead Project | 3 Debian Linux, Fedora, Jhead | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. | |||||
| CVE-2019-1010298 | 1 Linaro | 1 Op-tee | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010297 | 1 Linaro | 1 Op-tee | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010296 | 1 Linaro | 1 Op-tee | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010295 | 1 Linaro | 1 Op-tee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010293 | 1 Linaro | 1 Op-tee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010292 | 1 Linaro | 1 Op-tee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. | |||||
| CVE-2019-1010258 | 1 Nanosvg Project | 1 Nanosvg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file. | |||||
| CVE-2019-1010238 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. | |||||
| CVE-2019-1010232 | 1 Juniper | 1 Libslax | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018) is affected by: Buffer Overflow. The impact is: remote dos. The component is: slaxlexer.c:601(funtion:slaxGetInput). The attack vector is: ./slaxproc --slax-to-xslt POC0. | |||||
| CVE-2019-1010228 | 2 Fedoraproject, Offis | 2 Fedora, Dcmtk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e. | |||||
| CVE-2019-1010218 | 1 Cherokee-project | 1 Cherokee Web Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version is: There's no fix yet. | |||||
| CVE-2019-1010176 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0. | |||||
| CVE-2019-1010163 | 1 Socusoft | 1 Photo 2 Video Converter | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley). | |||||