| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-17069 |
20 |
|
DoS |
2019-10-01 |
2019-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. |
|
2 |
CVE-2019-17068 |
74 |
|
|
2019-10-01 |
2019-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. |
|
3 |
CVE-2019-15902 |
200 |
|
+Info |
2019-09-04 |
2019-10-10 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. |
|
4 |
CVE-2019-14235 |
20 |
|
|
2019-08-02 |
2019-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. |
|
5 |
CVE-2019-14233 |
20 |
|
|
2019-08-02 |
2019-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. |
|
6 |
CVE-2019-14232 |
20 |
|
|
2019-08-02 |
2019-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
|
7 |
CVE-2019-13627 |
362 |
|
|
2019-09-25 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. |
|
8 |
CVE-2019-12449 |
269 |
|
|
2019-05-29 |
2019-09-20 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. |
|
9 |
CVE-2019-12447 |
269 |
|
|
2019-05-29 |
2019-09-20 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |
|
10 |
CVE-2019-11730 |
200 |
|
+Info |
2019-07-23 |
2019-08-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
|
11 |
CVE-2019-11235 |
345 |
|
|
2019-04-22 |
2019-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. |
|
12 |
CVE-2019-11010 |
399 |
|
DoS |
2019-04-08 |
2019-05-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |
|
13 |
CVE-2019-11009 |
125 |
|
DoS |
2019-04-08 |
2019-05-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. |
|
14 |
CVE-2019-11008 |
119 |
|
DoS Overflow |
2019-04-08 |
2019-05-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
|
15 |
CVE-2019-11007 |
119 |
|
DoS Overflow |
2019-04-08 |
2019-05-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. |
|
16 |
CVE-2019-11006 |
119 |
|
DoS Overflow |
2019-04-08 |
2019-05-01 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
|
17 |
CVE-2019-11005 |
119 |
|
DoS Overflow |
2019-04-08 |
2019-05-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. |
|
18 |
CVE-2019-10691 |
287 |
|
|
2019-04-24 |
2019-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. |
|
19 |
CVE-2019-9948 |
254 |
|
Bypass |
2019-03-23 |
2019-06-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. |
|
20 |
CVE-2019-9923 |
476 |
|
|
2019-03-22 |
2019-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. |
|
21 |
CVE-2019-9898 |
327 |
|
|
2019-03-21 |
2019-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. |
|
22 |
CVE-2019-9897 |
20 |
|
|
2019-03-21 |
2019-04-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. |
|
23 |
CVE-2019-9894 |
320 |
|
|
2019-03-21 |
2019-04-26 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. |
|
24 |
CVE-2019-9675 |
119 |
|
Overflow |
2019-03-11 |
2019-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." |
|
25 |
CVE-2019-9641 |
119 |
|
Overflow |
2019-03-08 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. |
|
26 |
CVE-2019-9640 |
119 |
|
Overflow |
2019-03-08 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. |
|
27 |
CVE-2019-9639 |
119 |
|
Overflow |
2019-03-08 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. |
|
28 |
CVE-2019-9638 |
119 |
|
Overflow |
2019-03-08 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. |
|
29 |
CVE-2019-9637 |
264 |
|
|
2019-03-08 |
2019-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. |
|
30 |
CVE-2019-9636 |
255 |
|
|
2019-03-08 |
2019-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. |
|
31 |
CVE-2019-9628 |
20 |
|
|
2019-04-11 |
2019-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. |
|
32 |
CVE-2019-9213 |
476 |
|
|
2019-03-05 |
2019-06-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. |
|
33 |
CVE-2019-9024 |
125 |
|
|
2019-02-22 |
2019-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. |
|
34 |
CVE-2019-9023 |
125 |
|
|
2019-02-22 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. |
|
35 |
CVE-2019-9021 |
125 |
|
|
2019-02-22 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. |
|
36 |
CVE-2019-9020 |
125 |
|
|
2019-02-22 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. |
|
37 |
CVE-2019-8980 |
399 |
|
DoS |
2019-02-21 |
2019-05-06 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. |
|
38 |
CVE-2019-8936 |
476 |
|
|
2019-05-15 |
2019-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NTP through 4.2.8p12 has a NULL Pointer Dereference. |
|
39 |
CVE-2019-8934 |
19 |
|
|
2019-03-21 |
2019-05-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. |
|
40 |
CVE-2019-8907 |
119 |
|
DoS Overflow |
2019-02-18 |
2019-04-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. |
|
41 |
CVE-2019-8906 |
125 |
|
|
2019-02-18 |
2019-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
|
42 |
CVE-2019-8905 |
125 |
|
|
2019-02-18 |
2019-04-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
|
43 |
CVE-2019-8375 |
119 |
|
DoS Overflow |
2019-02-24 |
2019-05-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). |
|
44 |
CVE-2019-7663 |
119 |
|
Overflow |
2019-02-09 |
2019-04-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. |
|
45 |
CVE-2019-7638 |
125 |
|
|
2019-02-08 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. |
|
46 |
CVE-2019-7637 |
119 |
|
Overflow |
2019-02-08 |
2019-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. |
|
47 |
CVE-2019-7636 |
125 |
|
|
2019-02-08 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. |
|
48 |
CVE-2019-7635 |
125 |
|
|
2019-02-08 |
2019-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. |
|
49 |
CVE-2019-7578 |
125 |
|
|
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. |
|
50 |
CVE-2019-7577 |
125 |
|
|
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. |
