| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-14405 |
770 |
|
|
2020-06-17 |
2022-03-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. |
|
2 |
CVE-2020-14404 |
787 |
|
|
2020-06-17 |
2022-03-09 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. |
|
3 |
CVE-2020-14403 |
787 |
|
|
2020-06-17 |
2022-03-09 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. |
|
4 |
CVE-2020-14402 |
787 |
|
|
2020-06-17 |
2022-03-09 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. |
|
5 |
CVE-2020-14398 |
835 |
|
|
2020-06-17 |
2022-03-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. |
|
6 |
CVE-2020-14397 |
476 |
|
|
2020-06-17 |
2022-03-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
|
7 |
CVE-2020-14396 |
476 |
|
|
2020-06-17 |
2022-03-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. |
|
8 |
CVE-2019-1000020 |
835 |
|
|
2019-02-04 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. |
|
9 |
CVE-2019-1000019 |
125 |
|
DoS |
2019-02-04 |
2019-11-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. |
|
10 |
CVE-2019-1000018 |
77 |
|
Exec Code |
2019-02-04 |
2021-05-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission. |
|
11 |
CVE-2019-20840 |
787 |
|
|
2020-06-17 |
2022-03-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. |
|
12 |
CVE-2019-20839 |
120 |
|
Overflow |
2020-06-17 |
2022-03-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. |
|
13 |
CVE-2019-20788 |
787 |
|
Overflow |
2020-04-23 |
2022-03-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. |
|
14 |
CVE-2019-15681 |
665 |
|
Bypass +Info |
2019-10-29 |
2022-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. |
|
15 |
CVE-2019-13241 |
22 |
|
Dir. Trav. |
2019-07-04 |
2023-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. |
|
16 |
CVE-2019-13132 |
787 |
|
Overflow |
2019-07-10 |
2023-02-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. |
|
17 |
CVE-2019-13114 |
476 |
|
DoS |
2019-06-30 |
2023-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. |
|
18 |
CVE-2019-13113 |
617 |
|
DoS |
2019-06-30 |
2023-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. |
|
19 |
CVE-2019-13112 |
770 |
|
DoS |
2019-06-30 |
2023-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. |
|
20 |
CVE-2019-13110 |
125 |
|
DoS Overflow |
2019-06-30 |
2023-02-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. |
|
21 |
CVE-2019-13038 |
601 |
|
|
2019-06-29 |
2023-03-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. |
|
22 |
CVE-2019-12817 |
787 |
|
|
2019-06-25 |
2022-04-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. |
|
23 |
CVE-2019-12781 |
319 |
|
|
2019-07-01 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. |
|
24 |
CVE-2019-12749 |
59 |
|
Bypass |
2019-06-11 |
2020-08-24 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
|
25 |
CVE-2019-12450 |
362 |
|
|
2019-05-29 |
2023-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. |
|
26 |
CVE-2019-12449 |
755 |
|
|
2019-05-29 |
2020-08-24 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. |
|
27 |
CVE-2019-12447 |
|
|
|
2019-05-29 |
2020-08-24 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |
|
28 |
CVE-2019-11596 |
476 |
|
DoS |
2019-04-29 |
2020-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. |
|
29 |
CVE-2019-11498 |
824 |
|
DoS |
2019-04-24 |
2022-10-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. |
|
30 |
CVE-2019-11479 |
770 |
|
DoS |
2019-06-19 |
2020-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. |
|
31 |
CVE-2019-11478 |
400 |
|
DoS |
2019-06-19 |
2020-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. |
|
32 |
CVE-2019-11477 |
190 |
|
DoS Overflow |
2019-06-19 |
2023-01-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. |
|
33 |
CVE-2019-11476 |
190 |
|
Exec Code Overflow |
2019-08-29 |
2019-10-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process. |
|
34 |
CVE-2019-11459 |
754 |
|
|
2019-04-22 |
2023-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. |
|
35 |
CVE-2019-11455 |
125 |
|
DoS |
2019-04-22 |
2022-03-31 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage). |
|
36 |
CVE-2019-11454 |
79 |
|
XSS |
2019-04-22 |
2022-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. |
|
37 |
CVE-2019-11338 |
476 |
|
DoS |
2019-04-19 |
2022-10-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. |
|
38 |
CVE-2019-11324 |
295 |
|
|
2019-04-18 |
2021-06-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. |
|
39 |
CVE-2019-11235 |
345 |
|
|
2019-04-22 |
2019-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. |
|
40 |
CVE-2019-11234 |
287 |
|
|
2019-04-22 |
2019-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. |
|
41 |
CVE-2019-11068 |
|
|
Bypass |
2019-04-10 |
2023-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
|
42 |
CVE-2019-11036 |
125 |
|
|
2019-05-03 |
2020-10-02 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. |
|
43 |
CVE-2019-11035 |
125 |
|
|
2019-04-18 |
2020-10-02 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. |
|
44 |
CVE-2019-11034 |
125 |
|
|
2019-04-18 |
2020-10-02 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. |
|
45 |
CVE-2019-10906 |
|
|
|
2019-04-07 |
2023-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. |
|
46 |
CVE-2019-10903 |
125 |
|
|
2019-04-09 |
2023-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. |
|
47 |
CVE-2019-10901 |
476 |
|
|
2019-04-09 |
2023-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. |
|
48 |
CVE-2019-10899 |
125 |
|
|
2019-04-09 |
2022-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. |
|
49 |
CVE-2019-10896 |
787 |
|
|
2019-04-09 |
2023-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. |
|
50 |
CVE-2019-10895 |
125 |
|
|
2019-04-09 |
2022-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. |
