Total
6803 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10951 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap. | |||||
| CVE-2019-10947 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack. | |||||
| CVE-2019-10896 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | |||||
| CVE-2019-10882 | 1 Netskope | 1 Netskope | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system. | |||||
| CVE-2019-10604 | 1 Qualcomm | 56 Apq8053, Apq8053 Firmware, Apq8096au and 53 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-10569 | 1 Qualcomm | 36 Apq8053, Apq8053 Firmware, Apq8098 and 33 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2019-10193 | 5 Canonical, Debian, Oracle and 2 more | 9 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 6 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | |||||
| CVE-2019-10192 | 5 Canonical, Debian, Oracle and 2 more | 10 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 7 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. | |||||
| CVE-2019-10164 | 4 Fedoraproject, Opensuse, Postgresql and 1 more | 4 Fedora, Leap, Postgresql and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account. | |||||
| CVE-2019-10097 | 2 Apache, Oracle | 8 Http Server, Communications Element Manager, Communications Session Report Manager and 5 more | 2024-11-21 | 6.0 MEDIUM | 7.2 HIGH |
| In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. | |||||
| CVE-2019-10081 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. | |||||
| CVE-2019-1010218 | 1 Cherokee-project | 1 Cherokee Web Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version is: There's no fix yet. | |||||
| CVE-2019-1010057 | 3 Debian, Fedoraproject, Nfdump Project | 3 Debian Linux, Fedora, Nfdump | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e. | |||||
| CVE-2019-1010006 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Evince and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. | |||||
| CVE-2019-0940 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | |||||
| CVE-2019-0937 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933. | |||||
| CVE-2019-0933 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0937. | |||||
| CVE-2019-0929 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2019 | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | |||||
| CVE-2019-0927 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0933, CVE-2019-0937. | |||||
| CVE-2019-0926 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. | |||||