Total
7074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19927 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
| In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. | |||||
| CVE-2019-19818 | 1 Gonitro | 1 Nitro Free Pdf Reader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content. | |||||
| CVE-2019-19817 | 1 Gonitro | 1 Nitro Free Pdf Reader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content. | |||||
| CVE-2019-19778 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c. | |||||
| CVE-2019-19777 | 2 Libsixel Project, Nothings | 2 Libsixel, Stb Image.h | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | |||||
| CVE-2019-19648 | 2 Fedoraproject, Virustotal | 2 Fedora, Yara | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. | |||||
| CVE-2019-19624 | 2 Opencv, Redhat | 2 Opencv, Enterprise Linux | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy. | |||||
| CVE-2019-19479 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. | |||||
| CVE-2019-19449 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). | |||||
| CVE-2019-19307 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet. | |||||
| CVE-2019-19275 | 1 Python | 1 Typed Ast | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) | |||||
| CVE-2019-19274 | 1 Python | 1 Typed Ast | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) | |||||
| CVE-2019-19252 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. | |||||
| CVE-2019-19246 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | |||||
| CVE-2019-19221 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. | |||||
| CVE-2019-19204 | 3 Debian, Fedoraproject, Oniguruma Project | 3 Debian Linux, Fedora, Oniguruma | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. | |||||
| CVE-2019-19203 | 2 Fedoraproject, Oniguruma Project | 2 Fedora, Oniguruma | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. | |||||
| CVE-2019-19035 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file. | |||||
| CVE-2019-19012 | 4 Debian, Fedoraproject, Oniguruma Project and 1 more | 4 Debian Linux, Fedora, Oniguruma and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. | |||||
| CVE-2019-18849 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | |||||