| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-13114 |
476 |
|
DoS |
2019-06-30 |
2023-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. |
|
2 |
CVE-2019-13113 |
617 |
|
DoS |
2019-06-30 |
2023-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. |
|
3 |
CVE-2019-13112 |
770 |
|
DoS |
2019-06-30 |
2023-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. |
|
4 |
CVE-2019-13111 |
190 |
|
DoS Overflow |
2019-06-30 |
2023-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. |
|
5 |
CVE-2019-13110 |
125 |
|
DoS Overflow |
2019-06-30 |
2023-02-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. |
|
6 |
CVE-2019-13109 |
190 |
|
DoS Overflow |
2019-06-30 |
2023-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction. |
|
7 |
CVE-2019-13108 |
190 |
|
DoS Overflow |
2019-06-30 |
2023-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset. |
|
8 |
CVE-2019-13107 |
190 |
|
Overflow |
2019-06-30 |
2023-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c |
|
9 |
CVE-2019-13086 |
89 |
|
Sql CSRF |
2019-06-30 |
2019-07-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. |
|
10 |
CVE-2019-13085 |
787 |
|
|
2019-06-30 |
2019-07-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa. |
|
11 |
CVE-2019-13084 |
787 |
|
|
2019-06-30 |
2019-07-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739. |
|
12 |
CVE-2019-13083 |
787 |
|
|
2019-06-30 |
2019-07-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a. |
|
13 |
CVE-2019-13082 |
434 |
|
Exec Code |
2019-06-30 |
2019-07-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder and then this folder in a ZIP archive, the server will accept this file without any checks. Because one can access this file from the website, it is remote code execution. This is related to a scorm imsmanifest.xml file, the import_package function, and extraction in $courseSysDir.$newDir. |
|
14 |
CVE-2019-13075 |
200 |
|
+Info |
2019-06-30 |
2019-07-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. |
|
15 |
CVE-2019-13072 |
79 |
|
Exec Code XSS |
2019-06-30 |
2023-01-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. |
|
16 |
CVE-2019-13068 |
79 |
|
XSS |
2019-06-30 |
2023-03-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). |
|
17 |
CVE-2019-13067 |
125 |
|
|
2019-06-30 |
2022-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. |
|
18 |
CVE-2019-13055 |
200 |
|
+Info |
2019-06-29 |
2019-07-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard. |
|
19 |
CVE-2019-13054 |
522 |
|
Bypass |
2019-06-29 |
2020-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z. |
|
20 |
CVE-2019-13053 |
|
|
Bypass |
2019-06-29 |
2020-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761. |
|
21 |
CVE-2019-13052 |
327 |
|
|
2019-06-29 |
2020-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. |
|
22 |
CVE-2019-13050 |
295 |
|
DoS |
2019-06-29 |
2021-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. |
|
23 |
CVE-2019-13049 |
190 |
|
|
2019-06-29 |
2022-09-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges. |
|
24 |
CVE-2019-13048 |
190 |
|
DoS |
2019-06-29 |
2022-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE). |
|
25 |
CVE-2019-13047 |
862 |
|
|
2019-06-29 |
2022-09-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. |
|
26 |
CVE-2019-13046 |
388 |
|
|
2019-06-29 |
2022-09-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications. |
|
27 |
CVE-2019-13045 |
416 |
|
|
2019-06-29 |
2019-07-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server. |
|
28 |
CVE-2019-13044 |
287 |
|
|
2019-06-29 |
2019-07-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An insecure login process was discovered in Panduit IntraVUE before 3.2.0. |
|
29 |
CVE-2019-13038 |
601 |
|
|
2019-06-29 |
2023-03-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. |
|
30 |
CVE-2019-13035 |
|
|
|
2019-06-29 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. |
|
31 |
CVE-2019-13032 |
476 |
|
|
2019-06-28 |
2019-07-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library. |
|
32 |
CVE-2019-13031 |
611 |
|
|
2019-06-28 |
2019-08-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule. |
|
33 |
CVE-2019-13028 |
284 |
|
Exec Code |
2019-06-28 |
2019-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic. |
|
34 |
CVE-2019-13012 |
732 |
|
|
2019-06-28 |
2021-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. |
|
35 |
CVE-2019-12997 |
78 |
|
|
2019-06-28 |
2020-08-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). |
|
36 |
CVE-2019-12995 |
476 |
|
|
2019-06-28 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault. |
|
37 |
CVE-2019-12984 |
476 |
|
DoS |
2019-06-26 |
2019-08-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. |
|
38 |
CVE-2019-12983 |
|
|
DoS +Info |
2019-06-26 |
2019-06-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.0.15, the function do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service, which is similar to CVE-2011-1079. The user would use an HIDPCONNADD command. |
|
39 |
CVE-2019-12982 |
119 |
|
DoS Overflow |
2019-06-26 |
2020-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file. |
|
40 |
CVE-2019-12981 |
119 |
|
Overflow |
2019-06-26 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. |
|
41 |
CVE-2019-12980 |
190 |
|
Overflow |
2019-06-26 |
2020-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. |
|
42 |
CVE-2019-12979 |
665 |
|
|
2019-06-26 |
2020-08-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. |
|
43 |
CVE-2019-12978 |
665 |
|
|
2019-06-26 |
2020-08-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. |
|
44 |
CVE-2019-12977 |
665 |
|
|
2019-06-26 |
2020-08-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. |
|
45 |
CVE-2019-12976 |
401 |
|
|
2019-06-26 |
2023-02-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. |
|
46 |
CVE-2019-12975 |
401 |
|
|
2019-06-26 |
2023-02-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. |
|
47 |
CVE-2019-12974 |
476 |
|
DoS |
2019-06-26 |
2020-08-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. |
|
48 |
CVE-2019-12973 |
834 |
|
DoS |
2019-06-26 |
2022-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. |
|
49 |
CVE-2019-12972 |
125 |
|
|
2019-06-26 |
2023-03-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. |
|
50 |
CVE-2019-12968 |
119 |
|
DoS Overflow |
2019-06-26 |
2019-07-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin. |
