Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3824 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. | |||||
CVE-2019-5798 | 6 Canonical, Debian, Google and 3 more | 7 Ubuntu Linux, Debian Linux, Chrome and 4 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
CVE-2019-13161 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). | |||||
CVE-2019-13308 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. | |||||
CVE-2019-9854 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | |||||
CVE-2019-15216 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. | |||||
CVE-2019-5822 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
CVE-2019-14534 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | |||||
CVE-2019-3858 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | |||||
CVE-2019-1787 | 3 Clamav, Debian, Opensuse | 3 Clamav, Debian Linux, Leap | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | |||||
CVE-2019-15666 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-02-04 | 4.9 MEDIUM | 4.4 MEDIUM |
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. | |||||
CVE-2019-11036 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | |||||
CVE-2019-16168 | 8 Canonical, Debian, Fedoraproject and 5 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | |||||
CVE-2018-20836 | 6 Canonical, Debian, F5 and 3 more | 13 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 10 more | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | |||||
CVE-2019-5829 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
CVE-2019-3846 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | |||||
CVE-2019-9640 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | |||||
CVE-2019-9956 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. | |||||
CVE-2019-9637 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. | |||||
CVE-2019-10018 | 3 Canonical, Debian, Xpdfreader | 3 Ubuntu Linux, Debian Linux, Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. |