Total
6575 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11047 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.4 MEDIUM | 4.8 MEDIUM |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11046 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. | |||||
| CVE-2019-11042 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11041 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11040 | 4 Debian, Opensuse, Php and 1 more | 4 Debian Linux, Leap, Php and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11039 | 4 Debian, Opensuse, Php and 1 more | 4 Debian Linux, Leap, Php and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. | |||||
| CVE-2019-11036 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | |||||
| CVE-2019-11035 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. | |||||
| CVE-2019-11034 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | |||||
| CVE-2019-11009 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Leap | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. | |||||
| CVE-2019-11007 | 4 Canonical, Debian, Graphicsmagick and 1 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | |||||
| CVE-2019-11006 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Leap | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. | |||||
| CVE-2019-10994 | 1 Laquisscada | 1 Scada | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-10992 | 1 Deltaww | 1 Cnssoft Screeneditor | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files. | |||||
| CVE-2019-10983 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. | |||||
| CVE-2019-10975 | 1 Fujielectric | 2 Alpha7 Pc Loader, Alpha7 Pc Loader Firmware | 2024-11-21 | 3.3 LOW | 6.6 MEDIUM |
| An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system. | |||||
| CVE-2019-10949 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files. | |||||
| CVE-2019-10903 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | |||||
| CVE-2019-10899 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. | |||||
| CVE-2019-10895 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. | |||||