Total
5264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13224 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. | |||||
| CVE-2019-13132 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. | |||||
| CVE-2019-13118 | 7 Apple, Canonical, Fedoraproject and 4 more | 25 Icloud, Iphone Os, Itunes and 22 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | |||||
| CVE-2019-13117 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. | |||||
| CVE-2019-13115 | 5 Debian, F5, Fedoraproject and 2 more | 7 Debian Linux, Traffix Systems Signaling Delivery Controller, Fedora and 4 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. | |||||
| CVE-2019-13114 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | |||||
| CVE-2019-13113 | 3 Canonical, Exiv2, Fedoraproject | 3 Ubuntu Linux, Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | |||||
| CVE-2019-13112 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | |||||
| CVE-2019-13111 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. | |||||
| CVE-2019-13110 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | |||||
| CVE-2019-13109 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. | |||||
| CVE-2019-13108 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. | |||||
| CVE-2019-13107 | 2 Fedoraproject, Matio Project | 2 Fedora, Matio | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c | |||||
| CVE-2019-13050 | 5 F5, Fedoraproject, Gnupg and 2 more | 5 Traffix Signaling Delivery Controller, Fedora, Gnupg and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. | |||||
| CVE-2019-13038 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 4 Ubuntu Linux, Fedora, Mod Auth Mellon and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | |||||
| CVE-2019-13033 | 3 Cisofy, Debian, Fedoraproject | 3 Lynis, Debian Linux, Fedora | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. | |||||
| CVE-2019-12957 | 2 Fedoraproject, Glyphandcog | 2 Fedora, Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | |||||
| CVE-2019-12922 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | |||||
| CVE-2019-12854 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it. | |||||
| CVE-2019-12838 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | |||||