| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-1010295 |
119 |
|
Overflow Mem. Corr. |
2019-07-15 |
2019-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. |
|
2 |
CVE-2019-1010293 |
20 |
|
Mem. Corr. |
2019-07-15 |
2019-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. |
|
3 |
CVE-2019-1010292 |
119 |
|
Overflow Mem. Corr. |
2019-07-16 |
2019-07-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. |
|
4 |
CVE-2019-1010258 |
119 |
|
Overflow Mem. Corr. |
2019-05-15 |
2019-05-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file. |
|
5 |
CVE-2019-16905 |
|
|
Exec Code Overflow Mem. Corr. |
2019-10-09 |
2019-10-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and remote code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. |
|
6 |
CVE-2019-16167 |
190 |
|
Overflow Mem. Corr. |
2019-09-09 |
2019-09-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. |
|
7 |
CVE-2019-15554 |
119 |
|
Overflow Mem. Corr. |
2019-08-26 |
2019-09-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity. |
|
8 |
CVE-2019-15543 |
119 |
|
Overflow Mem. Corr. |
2019-08-26 |
2019-09-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases. |
|
9 |
CVE-2019-14570 |
|
|
DoS Mem. Corr. |
2019-10-11 |
2019-10-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
|
10 |
CVE-2019-14210 |
476 |
|
Mem. Corr. |
2019-07-21 |
2019-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object. |
|
11 |
CVE-2019-12810 |
787 |
|
Exec Code Mem. Corr. |
2019-08-30 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. |
|
12 |
CVE-2019-11740 |
119 |
|
Overflow Mem. Corr. |
2019-09-27 |
2019-10-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
|
13 |
CVE-2019-11735 |
120 |
|
Mem. Corr. |
2019-09-27 |
2019-10-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. |
|
14 |
CVE-2019-11734 |
120 |
|
Mem. Corr. |
2019-09-27 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69. |
|
15 |
CVE-2019-11710 |
119 |
|
Overflow Mem. Corr. |
2019-07-23 |
2019-08-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68. |
|
16 |
CVE-2019-11709 |
119 |
|
Overflow Mem. Corr. |
2019-07-23 |
2019-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
|
17 |
CVE-2019-11683 |
399 |
|
DoS Mem. Corr. |
2019-05-02 |
2019-06-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. |
|
18 |
CVE-2019-10965 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-05-28 |
2019-05-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. |
|
19 |
CVE-2019-10126 |
119 |
|
Overflow Mem. Corr. |
2019-06-14 |
2019-06-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. |
|
20 |
CVE-2019-9814 |
119 |
|
Overflow Mem. Corr. |
2019-07-23 |
2019-07-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67. |
|
21 |
CVE-2019-9805 |
119 |
|
Overflow Mem. Corr. |
2019-04-26 |
2019-04-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66. |
|
22 |
CVE-2019-9800 |
119 |
|
Overflow Mem. Corr. |
2019-07-23 |
2019-07-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. |
|
23 |
CVE-2019-9792 |
119 |
|
Overflow Mem. Corr. |
2019-04-26 |
2019-05-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. |
|
24 |
CVE-2019-9789 |
119 |
|
Overflow Mem. Corr. |
2019-04-26 |
2019-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66. |
|
25 |
CVE-2019-9788 |
119 |
|
Overflow Mem. Corr. |
2019-04-26 |
2019-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. |
|
26 |
CVE-2019-9457 |
190 |
|
Overflow Mem. Corr. |
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
27 |
CVE-2019-9454 |
787 |
|
Mem. Corr. |
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
28 |
CVE-2019-9450 |
362 |
|
Mem. Corr. |
2019-09-06 |
2019-09-10 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
29 |
CVE-2019-9442 |
416 |
|
Mem. Corr. |
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. |
|
30 |
CVE-2019-9429 |
787 |
|
Mem. Corr. |
2019-09-27 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110035108 |
|
31 |
CVE-2019-9290 |
770 |
|
Mem. Corr. |
2019-09-27 |
2019-10-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113039724 |
|
32 |
CVE-2019-7137 |
200 |
|
Mem. Corr. +Info |
2019-05-23 |
2019-05-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. |
|
33 |
CVE-2019-7104 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-05-23 |
2019-05-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
34 |
CVE-2019-7103 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-05-23 |
2019-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
35 |
CVE-2019-7102 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-05-23 |
2019-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
36 |
CVE-2019-7101 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-05-23 |
2019-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
37 |
CVE-2019-7100 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-05-23 |
2019-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
38 |
CVE-2019-7099 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-05-23 |
2019-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
39 |
CVE-2019-7098 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-05-23 |
2019-05-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
|
40 |
CVE-2019-6541 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-02-12 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. |
|
41 |
CVE-2019-5067 |
416 |
|
Exec Code Mem. Corr. |
2019-09-18 |
2019-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. |
|
42 |
CVE-2019-5050 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-10-09 |
2019-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. |
|
43 |
CVE-2019-5048 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-10-09 |
2019-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. |
|
44 |
CVE-2019-5046 |
787 |
|
Exec Code Mem. Corr. |
2019-10-09 |
2019-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. |
|
45 |
CVE-2019-5045 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-10-09 |
2019-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. |
|
46 |
CVE-2019-5031 |
755 |
|
Exec Code Mem. Corr. |
2019-10-02 |
2019-10-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
|
47 |
CVE-2019-5005 |
119 |
|
DoS Overflow Mem. Corr. |
2019-01-03 |
2019-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption. |
|
48 |
CVE-2019-3837 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-04-11 |
2019-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption. |
|
49 |
CVE-2019-3829 |
415 |
|
Mem. Corr. |
2019-03-27 |
2019-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. |
|
50 |
CVE-2019-3570 |
119 |
|
Overflow Mem. Corr. |
2019-07-18 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. |
