CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Memory Corruption) (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010295 119 Overflow Mem. Corr. 2019-07-15 2019-07-16
7.5
None Remote Low Not required Partial Partial Partial
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.
2 CVE-2019-1010293 20 Mem. Corr. 2019-07-15 2019-07-16
7.5
None Remote Low Not required Partial Partial Partial
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
3 CVE-2019-1010292 119 Overflow Mem. Corr. 2019-07-16 2019-07-22
7.5
None Remote Low Not required Partial Partial Partial
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
4 CVE-2019-1010258 119 Overflow Mem. Corr. 2019-05-15 2019-05-16
4.3
None Remote Medium Not required None None Partial
nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file.
5 CVE-2019-14210 476 Mem. Corr. 2019-07-21 2019-07-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object.
6 CVE-2019-11710 119 Overflow Mem. Corr. 2019-07-23 2019-08-15
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.
7 CVE-2019-11709 119 Overflow Mem. Corr. 2019-07-23 2019-07-29
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
8 CVE-2019-11683 399 DoS Mem. Corr. 2019-05-02 2019-06-14
10.0
None Remote Low Not required Complete Complete Complete
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
9 CVE-2019-10965 119 Exec Code Overflow Mem. Corr. 2019-05-28 2019-05-29
6.5
None Remote Low Single system Partial Partial Partial
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges.
10 CVE-2019-10126 119 Overflow Mem. Corr. 2019-06-14 2019-06-17
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
11 CVE-2019-9814 119 Overflow Mem. Corr. 2019-07-23 2019-07-26
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67.
12 CVE-2019-9805 119 Overflow Mem. Corr. 2019-04-26 2019-04-29
7.5
None Remote Low Not required Partial Partial Partial
A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.
13 CVE-2019-9800 119 Overflow Mem. Corr. 2019-07-23 2019-07-26
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
14 CVE-2019-9792 119 Overflow Mem. Corr. 2019-04-26 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
15 CVE-2019-9789 119 Overflow Mem. Corr. 2019-04-26 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66.
16 CVE-2019-9788 119 Overflow Mem. Corr. 2019-04-26 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
17 CVE-2019-7137 200 Mem. Corr. +Info 2019-05-23 2019-05-24
4.3
None Remote Medium Not required Partial None None
Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. Successful exploitation could lead to information disclosure.
18 CVE-2019-7104 119 Exec Code Overflow Mem. Corr. 2019-05-23 2019-05-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
19 CVE-2019-7103 119 Exec Code Overflow Mem. Corr. 2019-05-23 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
20 CVE-2019-7102 119 Exec Code Overflow Mem. Corr. 2019-05-23 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
21 CVE-2019-7101 119 Exec Code Overflow Mem. Corr. 2019-05-23 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
22 CVE-2019-7100 119 Exec Code Overflow Mem. Corr. 2019-05-23 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
23 CVE-2019-7099 119 Exec Code Overflow Mem. Corr. 2019-05-23 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
24 CVE-2019-7098 119 Exec Code Overflow Mem. Corr. 2019-05-23 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
25 CVE-2019-5005 119 DoS Overflow Mem. Corr. 2019-01-03 2019-01-15
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption.
26 CVE-2019-3837 119 Exec Code Overflow Mem. Corr. 2019-04-11 2019-04-22
4.9
None Local Low Not required None None Complete
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.
27 CVE-2019-3829 415 Mem. Corr. 2019-03-27 2019-05-30
5.0
None Remote Low Not required None None Partial
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
28 CVE-2019-3570 119 Overflow Mem. Corr. 2019-07-18 2019-08-05
7.5
None Remote Low Not required Partial Partial Partial
Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
29 CVE-2019-2112 416 Exec Code Mem. Corr. 2019-07-08 2019-07-09
7.2
None Local Low Not required Complete Complete Complete
In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117997080.
30 CVE-2019-2111 416 Exec Code Mem. Corr. 2019-07-08 2019-07-09
7.5
None Remote Low Not required Partial Partial Partial
In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122856181.
31 CVE-2019-2105 119 Exec Code Overflow Mem. Corr. 2019-07-08 2019-07-09
6.8
None Remote Medium Not required Partial Partial Partial
In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182.
32 CVE-2019-2097 704 Exec Code Mem. Corr. 2019-06-07 2019-06-11
10.0
None Remote Low Not required Complete Complete Complete
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117606285.
33 CVE-2019-2096 415 Mem. Corr. 2019-06-07 2019-06-11
7.2
None Local Low Not required Complete Complete Complete
In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123237974.
34 CVE-2019-2049 416 Mem. Corr. 2019-05-08 2019-05-09
7.2
None Local Low Not required Complete Complete Complete
In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android ID: A-120445479
35 CVE-2019-2046 190 Exec Code Overflow Mem. Corr. 2019-05-08 2019-05-09
10.0
None Remote Low Not required Complete Complete Complete
In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117556220
36 CVE-2019-2029 416 Exec Code Mem. Corr. 2019-04-19 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120612744.
37 CVE-2019-2008 362 Mem. Corr. 2019-06-19 2019-06-20
7.6
None Remote High Not required Complete Complete Complete
In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-122309228
38 CVE-2019-2006 416 Mem. Corr. 2019-06-19 2019-06-20
10.0
None Remote Low Not required Complete Complete Complete
In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-116665972
39 CVE-2019-1892 119 DoS Overflow Mem. Corr. 2019-07-05 2019-07-17
5.0
None Remote Low Not required None None Partial
A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.
40 CVE-2019-1213 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-20
7.5
None Remote Low Not required Partial Partial Partial
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
41 CVE-2019-1212 119 DoS Overflow Mem. Corr. 2019-08-14 2019-08-20
7.8
None Remote Low Not required None None Complete
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1206.
42 CVE-2019-1206 119 DoS Overflow Mem. Corr. 2019-08-14 2019-08-20
5.0
None Remote Low Not required None None Partial
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1212.
43 CVE-2019-1199 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'.
44 CVE-2019-1197 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-19
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196.
45 CVE-2019-1196 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-19
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1197.
46 CVE-2019-1195 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-19
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196, CVE-2019-1197.
47 CVE-2019-1194 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-20
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1133.
48 CVE-2019-1193 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-20
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
49 CVE-2019-1141 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-19
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.
50 CVE-2019-1140 119 Exec Code Overflow Mem. Corr. 2019-08-14 2019-08-19
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.
Total number of vulnerabilities : 5264   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.