Total
11938 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13193 | 1 Brother | 600 Ads-2400n, Ads-2400n Firmware, Ads-2800w and 597 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2019-13192 | 1 Brother | 600 Ads-2400n, Ads-2400n Firmware, Ads-2800w and 597 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2019-13171 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. | |||||
| CVE-2019-13156 | 1 Naver | 1 Cloud Explorer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. | |||||
| CVE-2019-13132 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. | |||||
| CVE-2019-13106 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-11-21 | 8.3 HIGH | 7.8 HIGH |
| Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | |||||
| CVE-2019-13104 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | |||||
| CVE-2019-13085 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa. | |||||
| CVE-2019-13084 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739. | |||||
| CVE-2019-13083 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a. | |||||
| CVE-2019-12951 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow. | |||||
| CVE-2019-12896 | 1 Edrawsoft | 1 Edraw Max | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77. | |||||
| CVE-2019-12835 | 1 Leanify Project | 1 Leanify | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping. | |||||
| CVE-2019-12817 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | |||||
| CVE-2019-12810 | 2 Estsoft, Microsoft | 2 Alsee, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. | |||||
| CVE-2019-12807 | 2 Estsoft, Microsoft | 2 Alzip, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code. | |||||
| CVE-2019-12806 | 2 Crosscert, Microsoft | 2 Unisign, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets. | |||||
| CVE-2019-12788 | 1 Photodex | 1 Proshow Producer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file. | |||||
| CVE-2019-12568 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567. | |||||
| CVE-2019-12567 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568. | |||||