Total
9606 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3922 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code. | |||||
CVE-2019-6536 | 1 Lcds | 1 Laquis Scada | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. | |||||
CVE-2019-0645 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0650. | |||||
CVE-2019-0590 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | |||||
CVE-2019-13485 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. | |||||
CVE-2019-7800 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-7818 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-9770 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension. | |||||
CVE-2018-11929 | 1 Qualcomm | 58 Mdm9150, Mdm9150 Firmware, Mdm9206 and 55 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24 | |||||
CVE-2019-15937 | 1 Pengutronix | 1 Barebox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | |||||
CVE-2019-6530 | 1 Panasonic | 1 Control Fpwin Pro | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. | |||||
CVE-2019-6750 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7639. | |||||
CVE-2019-13602 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | |||||
CVE-2019-7103 | 2 Adobe, Microsoft | 2 Shockwave Player, Windows | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-5057 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
CVE-2019-7104 | 1 Adobe | 1 Shockwave Player | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-8271 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | |||||
CVE-2019-1199 | 1 Microsoft | 2 Office, Office 365 Proplus | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'. | |||||
CVE-2019-2013 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120497583 | |||||
CVE-2019-0785 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. |