Total
12879 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11516 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition. | |||||
| CVE-2019-11506 | 4 Canonical, Debian, Graphicsmagick and 1 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. | |||||
| CVE-2019-11505 | 4 Canonical, Debian, Graphicsmagick and 1 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. | |||||
| CVE-2019-11500 | 3 Debian, Dovecot, Fedoraproject | 4 Debian Linux, Dovecot, Pigeonhole and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. | |||||
| CVE-2019-11474 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | |||||
| CVE-2019-11417 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68. | |||||
| CVE-2019-11411 | 1 Artifex | 1 Mujs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. | |||||
| CVE-2019-11395 | 1 Tabslab | 1 Mailcarrier | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR. | |||||
| CVE-2019-11371 | 1 Burrow-wheeler Aligner Project | 1 Burrow-wheeler Aligner | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c. | |||||
| CVE-2019-11365 | 1 Atftp Project | 1 Atftp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c. | |||||
| CVE-2019-11360 | 1 Netfilter | 1 Iptables | 2024-11-21 | 3.5 LOW | 4.2 MEDIUM |
| A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. | |||||
| CVE-2019-11356 | 5 Canonical, Cyrus, Debian and 2 more | 8 Ubuntu Linux, Imap, Debian Linux and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. | |||||
| CVE-2019-11222 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file. | |||||
| CVE-2019-11221 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c. | |||||
| CVE-2019-11182 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2019-11171 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. | |||||
| CVE-2019-11153 | 1 Intel | 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 11 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local access. | |||||
| CVE-2019-11152 | 1 Intel | 26 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 23 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access. | |||||
| CVE-2019-11151 | 1 Intel | 26 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 23 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | |||||
| CVE-2019-11129 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||