Total
329 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13962 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | |||||
CVE-2019-9778 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec. | |||||
CVE-2019-14744 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-12-10 | 5.1 MEDIUM | 7.8 HIGH |
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. | |||||
CVE-2019-5459 | 2 Opensuse, Videolan | 4 Backports, Backports Sle, Leap and 1 more | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | |||||
CVE-2019-12098 | 4 Debian, Fedoraproject, Heimdal Project and 1 more | 5 Debian Linux, Fedora, Heimdal and 2 more | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. | |||||
CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | |||||
CVE-2019-5796 | 2 Google, Opensuse | 3 Chrome, Backports Sle, Leap | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-9772 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec. | |||||
CVE-2019-13616 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | |||||
CVE-2019-5058 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
CVE-2019-9773 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. | |||||
CVE-2019-9499 | 6 Debian, Fedoraproject, Freebsd and 3 more | 9 Debian Linux, Fedora, Freebsd and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. | |||||
CVE-2019-9774 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c. | |||||
CVE-2019-11474 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | |||||
CVE-2019-11506 | 4 Canonical, Debian, Graphicsmagick and 1 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. | |||||
CVE-2019-9752 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. | |||||
CVE-2019-5794 | 2 Google, Opensuse | 3 Chrome, Backports Sle, Leap | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
CVE-2019-5059 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
CVE-2019-9779 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776). | |||||
CVE-2019-5060 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. |