Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14462 | 3 Debian, Fedoraproject, Libmodbus | 3 Debian Linux, Fedora, Libmodbus | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. | |||||
CVE-2019-1010305 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. | |||||
CVE-2019-3902 | 3 Debian, Mercurial, Redhat | 3 Debian Linux, Mercurial, Enterprise Linux | 2024-02-04 | 5.8 MEDIUM | 5.9 MEDIUM |
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. | |||||
CVE-2019-12111 | 2 Debian, Miniupnp Project | 2 Debian Linux, Miniupnpd | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. | |||||
CVE-2019-12467 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
CVE-2019-14271 | 3 Debian, Docker, Opensuse | 3 Debian Linux, Docker, Leap | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | |||||
CVE-2019-14811 | 5 Artifex, Debian, Fedoraproject and 2 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | |||||
CVE-2019-1010302 | 3 Debian, Fedoraproject, Jhead Project | 3 Debian Linux, Fedora, Jhead | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. | |||||
CVE-2019-10650 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-04 | 5.8 MEDIUM | 8.1 HIGH |
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. | |||||
CVE-2019-12594 | 2 Debian, Dosbox | 2 Debian Linux, Dosbox | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
DOSBox 0.74-2 has Incorrect Access Control. | |||||
CVE-2019-9638 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | |||||
CVE-2019-3883 | 3 Debian, Fedoraproject, Redhat | 3 Debian Linux, 389 Directory Server, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. | |||||
CVE-2019-14973 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. | |||||
CVE-2019-9506 | 8 Apple, Blackberry, Canonical and 5 more | 274 Iphone Os, Mac Os X, Tvos and 271 more | 2024-02-04 | 4.8 MEDIUM | 8.1 HIGH |
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. | |||||
CVE-2019-11487 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. | |||||
CVE-2019-15946 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2024-02-04 | 4.4 MEDIUM | 6.4 MEDIUM |
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | |||||
CVE-2019-5824 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-14493 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. | |||||
CVE-2019-13377 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. | |||||
CVE-2019-1010069 | 2 Debian, Moinejf | 2 Debian Linux, Abcm2ps | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae. |