Total
1910 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9779 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776). | |||||
CVE-2019-3839 | 6 Artifex, Canonical, Debian and 3 more | 6 Ghostscript, Ubuntu Linux, Debian Linux and 3 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. | |||||
CVE-2019-14250 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Binutils, Leap | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. | |||||
CVE-2019-5839 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. | |||||
CVE-2019-11005 | 2 Graphicsmagick, Opensuse | 2 Graphicsmagick, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. | |||||
CVE-2019-16234 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2023-12-10 | 4.7 MEDIUM | 4.7 MEDIUM |
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | |||||
CVE-2019-2126 | 4 Canonical, Fedoraproject, Google and 1 more | 4 Ubuntu Linux, Fedora, Android and 1 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368. | |||||
CVE-2019-8325 | 3 Debian, Opensuse, Rubygems | 3 Debian Linux, Leap, Rubygems | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.) | |||||
CVE-2019-5814 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2019-5793 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |||||
CVE-2019-5060 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
CVE-2019-5808 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-13619 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. | |||||
CVE-2019-11038 | 8 Canonical, Debian, Fedoraproject and 5 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | |||||
CVE-2019-11724 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. | |||||
CVE-2019-11779 | 5 Canonical, Debian, Eclipse and 2 more | 6 Ubuntu Linux, Debian Linux, Mosquitto and 3 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | |||||
CVE-2019-15215 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. | |||||
CVE-2019-11720 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. | |||||
CVE-2019-15919 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | |||||
CVE-2019-12525 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1. |