Total
7242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12293 | 1 Freedesktop | 1 Poppler | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. | |||||
| CVE-2019-12222 | 1 Libsdl | 1 Simple Directmedia Layer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. | |||||
| CVE-2019-12220 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. | |||||
| CVE-2019-12214 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data. | |||||
| CVE-2019-12207 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | |||||
| CVE-2019-12198 | 1 Gohttp Project | 1 Gohttp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header. | |||||
| CVE-2019-12159 | 1 Gohttp Project | 1 Gohttp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL. | |||||
| CVE-2019-12083 | 3 Fedoraproject, Opensuse, Rust-lang | 3 Fedora, Leap, Rust | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. | |||||
| CVE-2019-11934 | 1 Facebook | 1 Folly | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00. | |||||
| CVE-2019-11926 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | |||||
| CVE-2019-11925 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | |||||
| CVE-2019-11852 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 6.4 MEDIUM | 3.7 LOW |
| An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN. | |||||
| CVE-2019-11835 | 2 Cjson Project, Oracle | 2 Cjson, Timesten In-memory Database | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. | |||||
| CVE-2019-11834 | 2 Cjson Project, Oracle | 2 Cjson, Timesten In-memory Database | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. | |||||
| CVE-2019-11823 | 1 Synology | 1 Router Manager | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | |||||
| CVE-2019-11766 | 2 Debian, Dhcpcd Project | 2 Debian Linux, Dhcpcd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | |||||
| CVE-2019-11719 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-11638 | 1 Gnu | 1 Recutils | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. | |||||
| CVE-2019-11637 | 1 Gnu | 1 Recutils | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. | |||||
| CVE-2019-11598 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. | |||||