Vulnerabilities (CVE)

Filtered by CWE-787
Total 9629 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-0763 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2023-12-10 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
CVE-2019-6755 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2023-12-10 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613.
CVE-2019-1788 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.
CVE-2019-5685 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2023-12-10 10.0 HIGH 9.8 CRITICAL
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.
CVE-2019-6550 1 Advantech 1 Webaccess 2023-12-10 7.5 HIGH 9.8 CRITICAL
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
CVE-2019-12158 1 Gohttp Project 1 Gohttp 2023-12-10 7.5 HIGH 9.8 CRITICAL
GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.
CVE-2019-13577 1 Computerlab 1 Maple Computer Wbt Snmp Administrator 2023-12-10 7.5 HIGH 9.8 CRITICAL
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.
CVE-2019-13304 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
CVE-2019-2045 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117554758
CVE-2018-18912 1 Sharing-file 1 Easy File Sharing Web Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code.
CVE-2019-1212 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2023-12-10 7.8 HIGH 7.5 HIGH
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1206.
CVE-2019-1989 1 Google 1 Android 2023-12-10 9.3 HIGH 8.8 HIGH
In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118399205
CVE-2019-11838 1 F5 1 Njs 2023-12-10 7.5 HIGH 9.8 CRITICAL
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.
CVE-2019-16294 2 Notepad-plus-plus, Scintilla 2 Notepad\+\+, Scintilla 2023-12-10 6.8 MEDIUM 7.8 HIGH
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-11835 2 Cjson Project, Oracle 2 Cjson, Timesten In-memory Database 2023-12-10 7.5 HIGH 9.8 CRITICAL
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
CVE-2019-1580 1 Paloaltonetworks 1 Pan-os 2023-12-10 10.0 HIGH 9.8 CRITICAL
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
CVE-2019-13631 1 Linux 1 Linux Kernel 2023-12-10 4.6 MEDIUM 6.8 MEDIUM
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.
CVE-2019-10878 1 Teeworlds 1 Teeworlds 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.
CVE-2019-1056 1 Microsoft 8 Internet Explorer, Windows 10, Windows 7 and 5 more 2023-12-10 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059.
CVE-2019-5482 6 Debian, Fedoraproject, Haxx and 3 more 17 Debian Linux, Fedora, Curl and 14 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.