Total
118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1918 | 1 Cisco | 2 Carrier Routing System, Ios Xr | 2024-11-21 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition. | |||||
| CVE-2019-19578 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable. | |||||
| CVE-2019-17514 | 1 Python | 1 Python | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. | |||||
| CVE-2019-17264 | 1 Liblnk Project | 1 Liblnk | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue | |||||
| CVE-2019-16347 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | |||||
| CVE-2019-16346 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | |||||
| CVE-2019-11474 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | |||||
| CVE-2018-8319 | 1 Microsoft | 1 Research Javascript Cryptography Library | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library. | |||||
| CVE-2018-20999 | 1 Orion Project | 1 Orion | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results. | |||||
| CVE-2018-18225 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. | |||||
| CVE-2018-16781 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. | |||||
| CVE-2018-15391 | 1 Cisco | 1 Remote | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. The vulnerability is due to the affected software not validating and calculating certain numerical values in IPv4 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending malformed IPv4 traffic to an affected device. A successful exploit could allow the attacker to disrupt the flow of certain IPv4 traffic passing through an affected device, which could result in a DoS condition. | |||||
| CVE-2018-14439 | 1 Eblock | 1 Eos4j | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts. | |||||
| CVE-2018-11790 | 2 Apache, Canonical | 2 Openoffice, Ubuntu Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. | |||||
| CVE-2018-11262 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT. | |||||
| CVE-2017-13288 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768. | |||||
| CVE-2024-23981 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 8.8 HIGH |
| Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-45056 | 1 Matter-labs | 1 Zksolc | 2024-09-03 | N/A | 5.9 MEDIUM |
| zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. Analysis has shown that no contracts were affected by the date of publishing this advisory. This issue has been addressed in version 1.5.3. Users are advised to upgrade and redeploy all contracts. There are no known workarounds for this vulnerability. | |||||