Total
6585 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20086 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. | |||||
CVE-2019-20021 | 2 Fedoraproject, Upx Project | 2 Fedora, Upx | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | |||||
CVE-2019-20020 | 1 Matio Project | 1 Matio | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. | |||||
CVE-2019-20018 | 1 Matio Project | 1 Matio | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. | |||||
CVE-2019-20017 | 1 Matio Project | 1 Matio | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. | |||||
CVE-2019-20011 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | |||||
CVE-2019-20005 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished). | |||||
CVE-2019-1996 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066. | |||||
CVE-2019-1853 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 5.0 MEDIUM | 4.8 MEDIUM |
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system. | |||||
CVE-2019-1798 | 1 Clamav | 1 Clamav | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | |||||
CVE-2019-1789 | 1 Clamav | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. | |||||
CVE-2019-1787 | 3 Clamav, Debian, Opensuse | 3 Clamav, Debian Linux, Leap | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | |||||
CVE-2019-1786 | 1 Clamav | 1 Clamav | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | |||||
CVE-2019-1481 | 1 Microsoft | 1 Windows 7 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480. | |||||
CVE-2019-1480 | 1 Microsoft | 1 Windows 7 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1481. | |||||
CVE-2019-1466 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467. | |||||
CVE-2019-1465 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467. | |||||
CVE-2019-1432 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1411. | |||||
CVE-2019-1412 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'. | |||||
CVE-2019-1411 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432. |