CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Canonical » Ubuntu Linux » 19.10 * * * : Security Vulnerabilities (Overflow)

Cpe Name:cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-11958 787 Overflow 2020-04-21 2020-07-27
6.8
None Remote Medium Not required Partial Partial Partial
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.
2 CVE-2020-11945 190 Exec Code Overflow 2020-04-23 2021-03-17
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
3 CVE-2020-11523 190 Overflow 2020-05-15 2020-08-30
6.0
None Remote Medium ??? Partial Partial Partial
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.
4 CVE-2020-11058 119 Overflow 2020-05-12 2020-09-01
3.5
None Remote Medium ??? None None Partial
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.
5 CVE-2020-11046 119 Overflow 2020-05-07 2020-08-30
3.5
None Remote Medium ??? None None Partial
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
6 CVE-2020-10722 190 Overflow Mem. Corr. 2020-05-19 2021-01-20
4.6
None Local Low Not required Partial Partial Partial
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
7 CVE-2020-8835 119 Overflow 2020-04-02 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)
8 CVE-2020-8450 119 Overflow 2020-02-04 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
9 CVE-2020-6831 120 Overflow Mem. Corr. 2020-05-26 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
10 CVE-2020-5312 120 Overflow 2020-01-03 2020-07-10
7.5
None Remote Low Not required Partial Partial Partial
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
11 CVE-2020-5311 120 Overflow 2020-01-03 2020-07-10
7.5
None Remote Low Not required Partial Partial Partial
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
12 CVE-2019-20788 190 Overflow 2020-04-23 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
13 CVE-2019-19602 119 DoS Overflow Mem. Corr. 2019-12-05 2020-08-24
5.4
None Local Medium Not required Complete None Partial
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
14 CVE-2019-18676 787 DoS Overflow 2019-11-26 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.
15 CVE-2019-18609 190 Overflow Mem. Corr. 2019-12-01 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
16 CVE-2019-13508 119 Overflow 2019-10-31 2020-05-30
7.5
None Remote Low Not required Partial Partial Partial
FreeTDS through 1.1.11 has a Buffer Overflow.
17 CVE-2019-12526 120 Overflow 2019-11-26 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.
18 CVE-2019-12521 787 Overflow 2020-04-15 2021-07-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
19 CVE-2019-12519 787 Overflow 2020-04-15 2021-02-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
20 CVE-2019-11484 190 Overflow 2020-02-08 2020-02-12
4.6
None Local Low Not required Partial Partial Partial
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.
21 CVE-2019-1551 200 Overflow +Info 2019-12-06 2021-07-21
5.0
None Remote Low Not required Partial None None
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
22 CVE-2017-18922 787 Overflow 2020-06-30 2020-07-24
7.5
None Remote Low Not required Partial Partial Partial
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
23 CVE-2016-6328 190 Overflow 2018-10-31 2021-05-10
5.8
None Remote Medium Not required Partial None Partial
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
24 CVE-2015-9542 787 Exec Code Overflow 2020-02-24 2020-08-14
5.0
None Remote Low Not required None None Partial
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.