Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-12975 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. | |||||
CVE-2019-14778 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||||
CVE-2019-5831 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-3880 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. | |||||
CVE-2018-20177 | 3 Debian, Opensuse, Rdesktop | 4 Debian Linux, Backports, Leap and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | |||||
CVE-2019-10896 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | |||||
CVE-2019-15142 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. | |||||
CVE-2019-11455 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage). | |||||
CVE-2019-2698 | 6 Canonical, Debian, Hp and 3 more | 15 Ubuntu Linux, Debian Linux, Xp7 Command View and 12 more | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
CVE-2019-12529 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages. | |||||
CVE-2019-11222 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file. | |||||
CVE-2019-16235 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. | |||||
CVE-2018-21010 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. | |||||
CVE-2019-3460 | 4 Canonical, Debian, Linux and 1 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | |||||
CVE-2019-12470 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-13484 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. | |||||
CVE-2019-3882 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. | |||||
CVE-2019-14777 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||||
CVE-2019-9706 | 1 Debian | 2 Cron, Debian Linux | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. | |||||
CVE-2019-5828 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |