Total
2629 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2297 | 1 Qualcomm | 60 Apq8009, Apq8009 Firmware, Apq8017 and 57 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150 | |||||
| CVE-2019-2242 | 1 Qualcomm | 96 Apq8009, Apq8009 Firmware, Apq8016 and 93 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8016, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SM6150, SM7150, SXR1130 | |||||
| CVE-2019-2181 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2019-2179 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2019-2134 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132083376. | |||||
| CVE-2019-2046 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117556220 | |||||
| CVE-2019-2034 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-122035770. | |||||
| CVE-2019-2007 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-120789744 | |||||
| CVE-2019-25039 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25038 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25034 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25033 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25032 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25005 | 1 Chacha20 Project | 1 Chacha20 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext. | |||||
| CVE-2019-20788 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. | |||||
| CVE-2019-20787 | 2 Opensuse, Teeworlds | 2 Leap, Teeworlds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. | |||||
| CVE-2019-20561 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019). | |||||
| CVE-2019-20205 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. | |||||
| CVE-2019-1993 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In register_app of btif_hd.cc, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-119819889. | |||||
| CVE-2019-1551 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). | |||||