Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-119
Total 11483 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3435 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2023-02-28 N/A 4.3 MEDIUM
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.
CVE-2019-10978 1 Redlion 1 Crimson 2023-02-28 6.8 MEDIUM 7.8 HIGH
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.
CVE-2022-3649 3 Debian, Linux, Netapp 11 Debian Linux, Linux Kernel, Active Iq Unified Manager and 8 more 2023-02-28 N/A 7.0 HIGH
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
CVE-2022-1941 2 Fedoraproject, Google 3 Fedora, Protobuf-cpp, Protobuf-python 2023-02-28 N/A 7.5 HIGH
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
CVE-2019-1010302 3 Debian, Fedoraproject, Jhead Project 3 Debian Linux, Fedora, Jhead 2023-02-28 4.3 MEDIUM 5.5 MEDIUM
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.
CVE-2022-34841 1 Intel 1 Media Software Development Kit 2023-02-24 N/A 7.8 HIGH
Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2015-5289 3 Canonical, Debian, Postgresql 3 Ubuntu Linux, Debian Linux, Postgresql 2023-02-24 6.4 MEDIUM N/A
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
CVE-2017-17855 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-24 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.
CVE-2021-40393 2 Debian, Gerbv Project 2 Debian Linux, Gerbv 2023-02-24 7.5 HIGH 9.8 CRITICAL
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-3705 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Active Iq Unified Manager and 1 more 2023-02-23 N/A 7.5 HIGH
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
CVE-2022-3636 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-23 N/A 7.8 HIGH
A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935.
CVE-2022-3564 3 Debian, Linux, Netapp 10 Debian Linux, Linux Kernel, H300s and 7 more 2023-02-23 N/A 7.1 HIGH
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
CVE-2021-46023 1 Mruby 1 Mruby 2023-02-22 N/A 7.5 HIGH
An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.
CVE-2022-47977 1 Siemens 2 Jt Open Toolkit, Jt Utilities 2023-02-22 N/A 7.8 HIGH
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
CVE-2022-43762 1 Br-automation 1 Industrial Automation Aprol 2023-02-18 N/A 9.8 CRITICAL
Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages
CVE-2023-0251 1 Deltaww 1 Diascreen 2023-02-16 N/A 7.8 HIGH
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.
CVE-2015-8389 3 Fedoraproject, Pcre, Php 3 Fedora, Perl Compatible Regular Expression Library, Php 2023-02-16 7.5 HIGH 9.8 CRITICAL
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8391 5 Fedoraproject, Oracle, Pcre and 2 more 10 Fedora, Linux, Pcre and 7 more 2023-02-16 9.0 HIGH 9.8 CRITICAL
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8383 3 Fedoraproject, Pcre, Php 3 Fedora, Perl Compatible Regular Expression Library, Php 2023-02-16 7.5 HIGH 9.8 CRITICAL
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8386 4 Fedoraproject, Oracle, Pcre and 1 more 4 Fedora, Linux, Perl Compatible Regular Expression Library and 1 more 2023-02-16 7.5 HIGH 9.8 CRITICAL
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.