Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28588 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. | |||||
| CVE-2020-1913 | 1 Facebook | 1 Hermes | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2020-15225 | 2 Django-filter Project, Fedoraproject | 2 Django-filter, Fedora | 2024-11-21 | 4.0 MEDIUM | 7.5 HIGH |
| django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. | |||||
| CVE-2020-13545 | 1 Softmaker | 1 Softmaker Office | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability. | |||||
| CVE-2020-13544 | 1 Softmaker | 1 Softmaker Office | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability. | |||||
| CVE-2020-12417 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2019-7310 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | |||||
| CVE-2019-19958 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | |||||
| CVE-2019-19945 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. | |||||
| CVE-2019-19317 | 4 Netapp, Oracle, Siemens and 1 more | 5 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2019-16778 | 1 Google | 1 Tensorflow | 2024-11-21 | 7.5 HIGH | 2.6 LOW |
| In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0. | |||||
| CVE-2019-16200 | 1 Gnu | 1 Serveez | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | |||||
| CVE-2019-14842 | 1 Redhat | 1 Libnbd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution. | |||||
| CVE-2019-14563 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-10203 | 2 Linux, Powerdns | 2 Linux Kernel, Authoritative Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. | |||||
| CVE-2019-1010204 | 2 Gnu, Netapp | 4 Binutils, Binutils Gold, Hci Management Node and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. | |||||
| CVE-2018-8786 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. | |||||
| CVE-2018-5711 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. | |||||
| CVE-2018-5251 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-3999 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability. | |||||