Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-119
Total 11483 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20340 2 Debian, Yubico 2 Debian Linux, Libu2f-host 2019-12-05 4.6 MEDIUM 6.8 MEDIUM
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
CVE-2019-5699 2 Google, Nvidia 2 Android, Shield Experience 2019-12-05 7.2 HIGH 7.8 HIGH
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges.
CVE-2017-14042 1 Graphicsmagick 1 Graphicsmagick 2019-12-03 4.3 MEDIUM 6.5 MEDIUM
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
CVE-2018-0151 1 Cisco 1 Ios Xe 2019-12-02 10.0 HIGH 9.8 CRITICAL
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.
CVE-2018-17540 3 Canonical, Debian, Strongswan 3 Ubuntu Linux, Debian Linux, Strongswan 2019-11-30 5.0 MEDIUM 7.5 HIGH
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
CVE-2016-4354 2 Canonical, Libksba Project 2 Ubuntu Linux, Libksba 2019-11-29 5.0 MEDIUM 7.5 HIGH
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
CVE-2016-4355 2 Canonical, Libksba Project 2 Ubuntu Linux, Libksba 2019-11-29 5.0 MEDIUM 7.5 HIGH
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
CVE-2016-4356 2 Canonical, Libksba Project 2 Ubuntu Linux, Libksba 2019-11-29 5.0 MEDIUM 7.5 HIGH
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
CVE-2019-0152 1 Intel 260 Xeon Bronze 3104, Xeon Bronze 3104 Firmware, Xeon Bronze 3106 and 257 more 2019-11-26 7.2 HIGH 6.7 MEDIUM
Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2019-0151 1 Intel 888 Core I5-5300u, Core I5-5300u Firmware, Core I5-5350u and 885 more 2019-11-26 7.2 HIGH 6.7 MEDIUM
Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2019-2295 1 Qualcomm 64 Apq8009, Apq8009 Firmware, Apq8017 and 61 more 2019-11-25 2.1 LOW 5.5 MEDIUM
Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130
CVE-2018-19130 1 Libav 1 Libav 2019-11-22 4.3 MEDIUM 6.5 MEDIUM
** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127.
CVE-2015-3166 3 Canonical, Debian, Postgresql 3 Ubuntu Linux, Debian Linux, Postgresql 2019-11-22 7.5 HIGH 9.8 CRITICAL
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
CVE-2018-20855 3 Linux, Netapp, Opensuse 6 Linux Kernel, Active Iq Performance Analytics Services, Active Iq Unified Manager and 3 more 2019-11-20 2.1 LOW 3.3 LOW
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
CVE-2017-5731 1 Tianocore 1 Edk2 2019-11-18 4.6 MEDIUM 7.8 HIGH
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2019-1441 1 Microsoft 2 Windows 7, Windows Server 2008 2019-11-13 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
CVE-2006-6684 1 Pedro Lineu Orso 1 Chetcpasswd 2019-11-13 7.5 HIGH N/A
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2017-12912 1 Mp3gain 1 Mp3gain 2019-11-08 4.3 MEDIUM 5.5 MEDIUM
The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.
CVE-2019-2324 1 Qualcomm 66 Mdm9150, Mdm9150 Firmware, Mdm9206 and 63 more 2019-11-08 10.0 HIGH 9.8 CRITICAL
When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24
CVE-2016-3077 1 Redhat 1 Ovirt-engine 2019-11-06 4.0 MEDIUM 6.5 MEDIUM
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.