| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-10756 | 125 | | +Info | 2020-07-09 | 2022-04-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. |
| 2 | CVE-2019-1010180 | 119 | | Exec Code Overflow | 2019-07-24 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Denial of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. |
| 3 | CVE-2019-1000020 | 835 | | | 2019-02-04 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. |
| 4 | CVE-2019-1000019 | 125 | | DoS | 2019-02-04 | 2019-11-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. |
| 5 | CVE-2019-18805 | 190 | | DoS Overflow | 2019-11-07 | 2021-06-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. |
| 6 | CVE-2019-18804 | 476 | | | 2019-11-07 | 2022-03-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. |
| 7 | CVE-2019-18622 | 89 | | Sql | 2019-11-22 | 2020-01-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. |
| 8 | CVE-2019-17596 | 436 | | | 2019-10-24 | 2021-11-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. |
| 9 | CVE-2019-17595 | 125 | | | 2019-10-14 | 2021-02-08 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
| 10 | CVE-2019-17594 | 125 | | | 2019-10-14 | 2021-02-10 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
| 11 | CVE-2019-17178 | 772 | | | 2019-10-04 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. |
| 12 | CVE-2019-17177 | 772 | | | 2019-10-04 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. |
| 13 | CVE-2019-17069 | 416 | | DoS | 2019-10-01 | 2022-03-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. |
| 14 | CVE-2019-17068 | 74 | | | 2019-10-01 | 2019-11-27 | 5.0 | None | Remote | Low | Not required | None | Partial | None | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. |
| 15 | CVE-2019-17055 | 862 | | | 2019-10-01 | 2022-03-31 | 2.1 | None | Local | Low | Not required | None | Partial | None | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
| 16 | CVE-2019-17042 | 20 | | Overflow | 2019-10-07 | 2021-12-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. |
| 17 | CVE-2019-17041 | 787 | | Overflow | 2019-10-07 | 2021-12-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. |
| 18 | CVE-2019-16995 | 772 | | DoS | 2019-09-30 | 2021-07-21 | 7.8 | None | Remote | Low | Not required | None | None | Complete | In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. |
| 19 | CVE-2019-16884 | 863 | | Bypass | 2019-09-25 | 2022-04-06 | 5.0 | None | Remote | Low | Not required | None | Partial | None | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. |
| 20 | CVE-2019-16713 | 401 | | | 2019-09-23 | 2022-04-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. |
| 21 | CVE-2019-16712 | 401 | | | 2019-09-23 | 2022-01-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. |
| 22 | CVE-2019-16711 | 401 | | | 2019-09-23 | 2022-04-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. |
| 23 | CVE-2019-16710 | 401 | | | 2019-09-23 | 2022-04-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. |
| 24 | CVE-2019-16709 | 401 | | | 2019-09-23 | 2022-01-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. |
| 25 | CVE-2019-16708 | 401 | | | 2019-09-23 | 2022-04-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. |
| 26 | CVE-2019-16276 | 444 | | | 2019-09-30 | 2021-03-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. |
| 27 | CVE-2019-16234 | 476 | | | 2019-09-11 | 2020-05-05 | 4.7 | None | Local | Medium | Not required | None | None | Complete | drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. |
| 28 | CVE-2019-16233 | 476 | | | 2019-09-11 | 2020-05-06 | 4.7 | None | Local | Medium | Not required | None | None | Complete | drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. |
| 29 | CVE-2019-16232 | 476 | | | 2019-09-11 | 2020-05-04 | 4.7 | None | Local | Medium | Not required | None | None | Complete | drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. |
| 30 | CVE-2019-16231 | 476 | | | 2019-09-11 | 2020-05-04 | 4.7 | None | Local | Medium | Not required | None | None | Complete | drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. |
| 31 | CVE-2019-16167 | 787 | | Overflow Mem. Corr. | 2019-09-09 | 2022-01-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. |
| 32 | CVE-2019-15921 | 401 | | | 2019-09-04 | 2020-08-24 | 4.7 | None | Local | Medium | Not required | None | None | Complete | An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. |
| 33 | CVE-2019-15920 | 416 | | | 2019-09-04 | 2019-12-11 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak. |
| 34 | CVE-2019-15919 | 416 | | | 2019-09-04 | 2019-12-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. |
| 35 | CVE-2019-15917 | 416 | | | 2019-09-04 | 2020-03-09 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. |
| 36 | CVE-2019-15902 | 200 | | +Info | 2019-09-04 | 2019-10-17 | 4.7 | None | Local | Medium | Not required | Complete | None | None | A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. |
| 37 | CVE-2019-15847 | 331 | | | 2019-09-02 | 2020-09-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. |
| 38 | CVE-2019-15666 | 125 | | DoS | 2019-08-27 | 2020-04-23 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. |
| 39 | CVE-2019-15538 | 400 | | | 2019-08-25 | 2021-06-02 | 7.8 | None | Remote | Low | Not required | None | None | Complete | An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. |
| 40 | CVE-2019-15214 | 416 | | | 2019-08-19 | 2020-03-06 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c. |
| 41 | CVE-2019-15166 | 120 | | | 2019-10-03 | 2022-04-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. |
| 42 | CVE-2019-15165 | 770 | | | 2019-10-03 | 2022-04-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None | sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. |
| 43 | CVE-2019-15145 | 125 | | | 2019-08-18 | 2022-03-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. |
| 44 | CVE-2019-15144 | 674 | | | 2019-08-18 | 2022-03-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. |
| 45 | CVE-2019-15143 | 835 | | | 2019-08-18 | 2022-03-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. |
| 46 | CVE-2019-15142 | 125 | | | 2019-08-18 | 2022-03-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. |
| 47 | CVE-2019-15098 | 476 | | | 2019-08-16 | 2019-11-25 | 4.9 | None | Local | Low | Not required | None | None | Complete | drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. |
| 48 | CVE-2019-15090 | 125 | | | 2019-08-16 | 2020-05-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. |
| 49 | CVE-2019-15031 | 200 | | +Info | 2019-09-13 | 2021-07-21 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. |
| 50 | CVE-2019-15030 | 862 | | | 2019-09-13 | 2020-08-24 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. |