Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13574 | 2 Debian, Minimagick Project | 2 Debian Linux, Minimagick | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. | |||||
| CVE-2019-14437 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | |||||
| CVE-2019-14809 | 2 Debian, Golang | 2 Debian Linux, Go | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | |||||
| CVE-2019-14970 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | |||||
| CVE-2019-15807 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2020-08-24 | 4.7 MEDIUM | 4.7 MEDIUM |
| In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | |||||
| CVE-2019-15846 | 2 Debian, Exim | 2 Debian Linux, Exim | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | |||||
| CVE-2019-16275 | 3 Canonical, Debian, W1.fi | 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | |||||
| CVE-2019-5719 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. | |||||
| CVE-2019-17358 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Leap | 2020-08-24 | 5.5 MEDIUM | 8.1 HIGH |
| Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. | |||||
| CVE-2019-18197 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2020-08-24 | 5.1 MEDIUM | 7.5 HIGH |
| In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. | |||||
| CVE-2019-18809 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2020-08-24 | 4.9 MEDIUM | 4.6 MEDIUM |
| A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. | |||||
| CVE-2019-19012 | 4 Debian, Fedoraproject, Oniguruma Project and 1 more | 4 Debian Linux, Fedora, Oniguruma and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. | |||||
| CVE-2019-19056 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2020-08-24 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. | |||||
| CVE-2019-19062 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2020-08-24 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. | |||||
| CVE-2019-19068 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2020-08-24 | 4.9 MEDIUM | 4.6 MEDIUM |
| A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. | |||||
| CVE-2019-3465 | 3 Debian, Simplesamlphp, Xmlseclibs Project | 3 Debian Linux, Simplesamlphp, Xmlseclibs | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | |||||
| CVE-2019-3462 | 3 Canonical, Debian, Netapp | 5 Ubuntu Linux, Advanced Package Tool, Debian Linux and 2 more | 2020-08-24 | 9.3 HIGH | 8.1 HIGH |
| Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. | |||||
| CVE-2019-3824 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. | |||||
| CVE-2019-5758 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5760 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||