Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9576 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245. | |||||
| CVE-2018-9577 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937. | |||||
| CVE-2018-9578 | 1 Google | 1 Android | 2019-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928. | |||||
| CVE-2019-18840 | 1 Wolfssl | 1 Wolfssl | 2019-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. | |||||
| CVE-2019-2285 | 1 Qualcomm | 72 Msm8909w, Msm8909w Firmware, Msm8996au and 69 more | 2019-11-08 | 10.0 HIGH | 9.8 CRITICAL |
| Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-18819 | 1 Eximioussoft | 1 Logo Designer | 2019-11-08 | 2.1 LOW | 5.5 MEDIUM |
| Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7. | |||||
| CVE-2019-18820 | 1 Eximioussoft | 1 Logo Designer | 2019-11-08 | 2.1 LOW | 5.5 MEDIUM |
| Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. | |||||
| CVE-2019-18821 | 1 Eximioussoft | 1 Logo Designer | 2019-11-08 | 1.9 LOW | 5.5 MEDIUM |
| Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053. | |||||
| CVE-2019-5049 | 1 Amd | 6 Radeon 550, Radeon 550 Firmware, Radeon Rx 550 and 3 more | 2019-11-07 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | |||||
| CVE-2019-15683 | 1 Turbovnc | 1 Turbovnc | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e. | |||||
| CVE-2013-2739 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2019-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| MiniDLNA has heap-based buffer overflow | |||||
| CVE-2016-4289 | 1 Gmer | 1 Gmer | 2019-11-01 | 2.1 LOW | 5.5 MEDIUM |
| A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99 characters to trigger this vulnerability. | |||||
| CVE-2019-17139 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692. | |||||
| CVE-2019-17144 | 1 Foxitsoftware | 1 Phantompdf | 2019-10-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274. | |||||
| CVE-2019-17145 | 1 Foxitsoftware | 1 Phantompdf | 2019-10-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276. | |||||
| CVE-2019-16265 | 1 Codesys | 2 Codesys, Eni Server | 2019-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | |||||
| CVE-2019-13545 | 1 Hornerautomation | 1 Cscape | 2019-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. | |||||
| CVE-2019-2184 | 1 Google | 1 Android | 2019-10-16 | 9.3 HIGH | 8.8 HIGH |
| In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122 | |||||
| CVE-2019-2185 | 1 Google | 1 Android | 2019-10-16 | 9.3 HIGH | 8.8 HIGH |
| In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699 | |||||
| CVE-2019-2186 | 1 Google | 1 Android | 2019-10-16 | 9.3 HIGH | 8.8 HIGH |
| In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447 | |||||