| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-16119 |
416 |
|
|
2021-01-14 |
2021-03-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. |
|
2 |
CVE-2019-1000020 |
835 |
|
|
2019-02-04 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. |
|
3 |
CVE-2019-1000019 |
125 |
|
DoS |
2019-02-04 |
2019-11-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. |
|
4 |
CVE-2019-17544 |
125 |
|
|
2019-10-14 |
2019-10-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. |
|
5 |
CVE-2019-14615 |
200 |
|
+Info |
2020-01-17 |
2020-02-20 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. |
|
6 |
CVE-2019-11068 |
|
|
Bypass |
2019-04-10 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
|
7 |
CVE-2019-9675 |
119 |
|
Overflow |
2019-03-11 |
2019-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." |
|
8 |
CVE-2019-9641 |
119 |
|
Overflow |
2019-03-09 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. |
|
9 |
CVE-2019-9640 |
119 |
|
Overflow |
2019-03-09 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. |
|
10 |
CVE-2019-9639 |
119 |
|
Overflow |
2019-03-09 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. |
|
11 |
CVE-2019-9638 |
119 |
|
Overflow |
2019-03-09 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. |
|
12 |
CVE-2019-9637 |
264 |
|
|
2019-03-09 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. |
|
13 |
CVE-2019-9628 |
20 |
|
|
2019-04-11 |
2019-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. |
|
14 |
CVE-2019-9213 |
476 |
|
|
2019-03-05 |
2019-06-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. |
|
15 |
CVE-2019-9210 |
125 |
|
Overflow |
2019-02-27 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) |
|
16 |
CVE-2019-9200 |
787 |
|
DoS |
2019-02-26 |
2020-07-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. |
|
17 |
CVE-2019-9024 |
125 |
|
|
2019-02-22 |
2019-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. |
|
18 |
CVE-2019-9023 |
125 |
|
|
2019-02-22 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. |
|
19 |
CVE-2019-9022 |
125 |
|
|
2019-02-22 |
2019-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries. |
|
20 |
CVE-2019-9021 |
125 |
|
|
2019-02-22 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. |
|
21 |
CVE-2019-9020 |
125 |
|
|
2019-02-22 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. |
|
22 |
CVE-2019-7663 |
|
|
|
2019-02-09 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. |
|
23 |
CVE-2019-7524 |
119 |
|
Overflow |
2019-03-28 |
2019-06-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. |
|
24 |
CVE-2019-7310 |
125 |
|
DoS |
2019-02-03 |
2020-11-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. |
|
25 |
CVE-2019-7308 |
189 |
|
|
2019-02-01 |
2019-09-24 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. |
|
26 |
CVE-2019-7306 |
200 |
|
+Info |
2020-04-17 |
2020-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu |
|
27 |
CVE-2019-7304 |
863 |
|
|
2019-04-23 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1. |
|
28 |
CVE-2019-7303 |
|
|
|
2019-04-23 |
2020-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4. |
|
29 |
CVE-2019-7222 |
|
|
+Info |
2019-03-21 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. |
|
30 |
CVE-2019-7221 |
416 |
|
|
2019-03-21 |
2020-10-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. |
|
31 |
CVE-2019-6978 |
415 |
|
|
2019-01-28 |
2019-04-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. |
|
32 |
CVE-2019-6977 |
787 |
|
Overflow |
2019-01-27 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. |
|
33 |
CVE-2019-6974 |
362 |
|
|
2019-02-15 |
2020-10-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. |
|
34 |
CVE-2019-6778 |
787 |
|
Overflow |
2019-03-21 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. |
|
35 |
CVE-2019-6133 |
362 |
|
Bypass |
2019-01-11 |
2020-08-24 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. |
|
36 |
CVE-2019-6128 |
401 |
|
|
2019-01-11 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. |
|
37 |
CVE-2019-6116 |
|
|
Exec Code |
2019-03-21 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. |
|
38 |
CVE-2019-6111 |
22 |
|
Dir. Trav. |
2019-01-31 |
2020-08-24 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). |
|
39 |
CVE-2019-6109 |
116 |
|
|
2019-01-31 |
2020-08-24 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. |
|
40 |
CVE-2019-5882 |
416 |
|
|
2019-01-09 |
2019-02-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. |
|
41 |
CVE-2019-5747 |
125 |
|
+Info |
2019-01-09 |
2019-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. |
|
42 |
CVE-2019-3824 |
125 |
|
DoS |
2019-03-06 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. |
|
43 |
CVE-2019-3823 |
125 |
|
|
2019-02-06 |
2021-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. |
|
44 |
CVE-2019-3822 |
787 |
|
Overflow |
2019-02-06 |
2021-06-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. |
|
45 |
CVE-2019-3819 |
835 |
|
DoS |
2019-01-25 |
2020-10-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. |
|
46 |
CVE-2019-3814 |
295 |
|
|
2019-03-27 |
2019-06-14 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. |
|
47 |
CVE-2019-3813 |
125 |
|
DoS Exec Code |
2019-02-04 |
2020-10-15 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. |
|
48 |
CVE-2019-3701 |
787 |
|
|
2019-01-03 |
2019-09-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. |
|
49 |
CVE-2019-3498 |
20 |
|
|
2019-01-09 |
2019-04-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. |
|
50 |
CVE-2019-3462 |
|
|
Exec Code |
2019-01-28 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. |
