Total
6585 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5517 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
| VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. | |||||
| CVE-2019-5516 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
| VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. | |||||
| CVE-2019-5432 | 1 Mqtt-packet Project | 1 Mqtt-packet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. | |||||
| CVE-2019-5296 | 1 Huawei | 2 Mate20, Mate20 Firmware | 2024-11-21 | 1.7 LOW | 3.9 LOW |
| Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insufficient input verification, successful exploit may cause out-of-bounds read of the memory and the system abnormal. | |||||
| CVE-2019-5294 | 1 Huawei | 32 Ar120-s, Ar120-s Firmware, Ar1200 and 29 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal. | |||||
| CVE-2019-5289 | 1 Huawei | 1 Manageone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node. | |||||
| CVE-2019-5278 | 1 Huawei | 1 Campusinsight | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash. | |||||
| CVE-2019-5255 | 1 Huawei | 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service. | |||||
| CVE-2019-5254 | 1 Huawei | 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal. | |||||
| CVE-2019-5224 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and information disclosure. | |||||
| CVE-2019-5147 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | |||||
| CVE-2019-5146 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | |||||
| CVE-2019-5124 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | |||||
| CVE-2019-5098 | 3 Amd, Microsoft, Vmware | 6 Radeon 550, Radeon 550 Firmware, Radeon Rx 550 and 3 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | |||||
| CVE-2019-5090 | 1 Leadtools | 1 Leadtools | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. | |||||
| CVE-2019-5065 | 1 Blynk | 1 Blynk-library | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. | |||||
| CVE-2019-5037 | 1 Google | 2 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger. | |||||
| CVE-2019-5034 | 1 Google | 2 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2019-5033 | 1 Aspose | 1 Aspose.cells | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | |||||
| CVE-2019-5032 | 1 Aspose | 1 Aspose.cells | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | |||||