Total
12847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9675 | 3 Canonical, Opensuse, Php | 3 Ubuntu Linux, Leap, Php | 2024-11-21 | N/A |
| An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible. | ||||
| CVE-2019-9588 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | N/A |
| There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2019-9456 | 3 Google, Opensuse, Redhat | 4 Android, Leap, Enterprise Linux and 1 more | 2024-11-21 | 6.7 Medium |
| In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2019-9454 | 2 Google, Redhat | 7 Android, Enterprise Linux, Rhel Aus and 4 more | 2024-11-21 | 6.7 Medium |
| In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2019-9423 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616 | ||||
| CVE-2019-9162 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2024-11-21 | 7.8 High |
| In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. | ||||
| CVE-2019-9022 | 5 Canonical, Debian, Netapp and 2 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-11-21 | N/A |
| An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. | ||||
| CVE-2019-9020 | 6 Canonical, Debian, Netapp and 3 more | 7 Ubuntu Linux, Debian Linux, Storage Automation Store and 4 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. | ||||
| CVE-2019-9019 | 1 British Airways | 1 Entertainment System | 2024-11-21 | N/A |
| The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact. | ||||
| CVE-2019-8996 | 1 Signiant | 1 Manager\+agents | 2024-11-21 | 9.8 Critical |
| In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. | ||||
| CVE-2019-8936 | 5 Fedoraproject, Hpe, Netapp and 2 more | 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more | 2024-11-21 | 7.5 High |
| NTP through 4.2.8p12 has a NULL Pointer Dereference. | ||||
| CVE-2019-8922 | 3 Bluez, Debian, Linux | 3 Bluez, Debian Linux, Linux Kernel | 2024-11-21 | 8.8 High |
| A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. | ||||
| CVE-2019-8844 | 2 Apple, Redhat | 11 Icloud, Ipados, Iphone Os and 8 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8835 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8745 | 1 Apple | 4 Icloud, Itunes, Mac Os X and 1 more | 2024-11-21 | 8.8 High |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution. | ||||
| CVE-2019-8598 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 5.5 Medium |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to read restricted memory. | ||||
| CVE-2019-8577 | 1 Apple | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 7.8 High |
| An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges. | ||||
| CVE-2019-8555 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.8 High |
| A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2019-8396 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2." | ||||
| CVE-2019-8383 | 4 Advancemame, Debian, Fedoraproject and 1 more | 7 Advancecomp, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | ||||