| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-13627 |
362 |
|
|
2019-09-25 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. |
|
2 |
CVE-2019-11008 |
119 |
|
DoS Overflow |
2019-04-08 |
2019-05-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
|
3 |
CVE-2019-11006 |
119 |
|
DoS Overflow |
2019-04-08 |
2019-05-01 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
|
4 |
CVE-2019-9948 |
254 |
|
Bypass |
2019-03-23 |
2019-06-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. |
|
5 |
CVE-2019-9894 |
320 |
|
|
2019-03-21 |
2019-04-26 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. |
|
6 |
CVE-2019-9675 |
119 |
|
Overflow |
2019-03-11 |
2019-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." |
|
7 |
CVE-2019-8907 |
119 |
|
DoS Overflow |
2019-02-18 |
2019-04-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. |
|
8 |
CVE-2019-8906 |
125 |
|
|
2019-02-18 |
2019-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
|
9 |
CVE-2019-8905 |
125 |
|
|
2019-02-18 |
2019-04-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
|
10 |
CVE-2019-7638 |
125 |
|
|
2019-02-08 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. |
|
11 |
CVE-2019-7637 |
119 |
|
Overflow |
2019-02-08 |
2019-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. |
|
12 |
CVE-2019-7636 |
125 |
|
|
2019-02-08 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. |
|
13 |
CVE-2019-7635 |
125 |
|
|
2019-02-08 |
2019-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. |
|
14 |
CVE-2019-7578 |
125 |
|
|
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. |
|
15 |
CVE-2019-7577 |
125 |
|
|
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. |
|
16 |
CVE-2019-7576 |
125 |
|
|
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). |
|
17 |
CVE-2019-7575 |
119 |
|
Overflow |
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. |
|
18 |
CVE-2019-7574 |
125 |
|
|
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. |
|
19 |
CVE-2019-7573 |
125 |
|
|
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). |
|
20 |
CVE-2019-7572 |
125 |
|
|
2019-02-07 |
2019-09-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. |
|
21 |
CVE-2019-6486 |
400 |
|
DoS |
2019-01-24 |
2019-06-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. |
|
22 |
CVE-2019-6128 |
399 |
|
|
2019-01-11 |
2019-04-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. |
|
23 |
CVE-2019-6116 |
20 |
|
Exec Code |
2019-03-21 |
2019-09-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. |
|
24 |
CVE-2019-5836 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
25 |
CVE-2019-5831 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
26 |
CVE-2019-5829 |
416 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
|
27 |
CVE-2019-5828 |
416 |
|
|
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
|
28 |
CVE-2019-5827 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
29 |
CVE-2019-5824 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
30 |
CVE-2019-5822 |
284 |
|
Bypass |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
|
31 |
CVE-2019-5821 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
|
32 |
CVE-2019-5820 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
|
33 |
CVE-2019-5817 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
34 |
CVE-2019-5816 |
664 |
|
|
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. |
|
35 |
CVE-2019-5811 |
19 |
|
Bypass |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
|
36 |
CVE-2019-5807 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
37 |
CVE-2019-5806 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
38 |
CVE-2019-3863 |
787 |
|
|
2019-03-25 |
2019-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. |
|
39 |
CVE-2019-3862 |
125 |
|
DoS |
2019-03-21 |
2019-04-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. |
|
40 |
CVE-2019-3861 |
125 |
|
DoS |
2019-03-25 |
2019-04-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. |
|
41 |
CVE-2019-3860 |
125 |
|
DoS |
2019-03-25 |
2019-04-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. |
|
42 |
CVE-2019-3859 |
125 |
|
DoS |
2019-03-21 |
2019-07-25 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. |
|
43 |
CVE-2019-3858 |
125 |
|
DoS |
2019-03-21 |
2019-04-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. |
|
44 |
CVE-2019-3857 |
190 |
|
Exec Code Overflow |
2019-03-25 |
2019-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. |
|
45 |
CVE-2019-3856 |
190 |
|
Exec Code Overflow |
2019-03-25 |
2019-05-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. |
|
46 |
CVE-2019-0217 |
362 |
|
Bypass |
2019-04-08 |
2019-05-13 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. |
|
47 |
CVE-2018-20506 |
190 |
|
Exec Code Overflow |
2019-04-03 |
2019-06-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. |
|
48 |
CVE-2018-20346 |
190 |
|
Exec Code Overflow |
2018-12-21 |
2019-06-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. |
|
49 |
CVE-2018-19870 |
476 |
|
|
2018-12-26 |
2019-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. |
|
50 |
CVE-2018-19492 |
119 |
|
Overflow |
2018-11-23 |
2019-04-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. |
