Total
6166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12220 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. | |||||
| CVE-2019-12083 | 3 Fedoraproject, Opensuse, Rust-lang | 3 Fedora, Leap, Rust | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. | |||||
| CVE-2019-11473 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | |||||
| CVE-2019-11455 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-11-07 | 5.5 MEDIUM | 8.1 HIGH |
| A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage). | |||||
| CVE-2019-11373 | 2 Fedoraproject, Mediaarea | 2 Fedora, Mediainfo | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. | |||||
| CVE-2019-11372 | 2 Fedoraproject, Mediaarea | 2 Fedora, Mediainfo | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. | |||||
| CVE-2019-11050 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 6.4 MEDIUM | 6.5 MEDIUM |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11047 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-11-07 | 6.4 MEDIUM | 6.5 MEDIUM |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11046 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. | |||||
| CVE-2019-11036 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | |||||
| CVE-2019-10975 | 1 Fujielectric | 2 Alpha7 Pc Loader, Alpha7 Pc Loader Firmware | 2023-11-07 | 3.3 LOW | 6.6 MEDIUM |
| An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system. | |||||
| CVE-2019-10903 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | |||||
| CVE-2019-10899 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. | |||||
| CVE-2019-10895 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. | |||||
| CVE-2019-10872 | 1 Freedesktop | 1 Poppler | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. | |||||
| CVE-2019-10871 | 1 Freedesktop | 1 Poppler | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. | |||||
| CVE-2019-1010220 | 1 Tcpdump | 1 Tcpdump | 2023-11-07 | 4.3 MEDIUM | 3.3 LOW |
| tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. | |||||
| CVE-2019-1010204 | 2 Gnu, Netapp | 4 Binutils, Binutils Gold, Hci Management Node and 1 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. | |||||
| CVE-2019-1000019 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. | |||||
| CVE-2019-0210 | 3 Apache, Oracle, Redhat | 4 Thrift, Communications Cloud Native Core Network Slice Selection Function, Enterprise Linux Server and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. | |||||