Total
90 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6582 | 2 Fedoraproject, Nagios | 2 Fedora, Remote Plug In Executor | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. | |||||
CVE-2020-12417 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
CVE-2019-10624 | 1 Qualcomm | 24 Apq8096au, Apq8096au Firmware, Msm8996au and 21 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130 | |||||
CVE-2019-14842 | 1 Redhat | 1 Libnbd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution. | |||||
CVE-2019-19317 | 4 Netapp, Oracle, Siemens and 1 more | 5 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||||
CVE-2019-16200 | 1 Gnu | 1 Serveez | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | |||||
CVE-2019-10203 | 2 Linux, Powerdns | 2 Linux Kernel, Authoritative Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. | |||||
CVE-2019-16778 | 1 Google | 1 Tensorflow | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0. | |||||
CVE-2015-3406 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. | |||||
CVE-2019-19958 | 1 Mz-automation | 1 Libiec61850 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | |||||
CVE-2019-1010204 | 2 Gnu, Netapp | 4 Binutils, Binutils Gold, Hci Management Node and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. | |||||
CVE-2019-9749 | 1 Treasuredata | 1 Fluent Bit | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal. | |||||
CVE-2018-1000224 | 1 Godotengine | 1 Godot | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b. | |||||
CVE-2018-3999 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability. | |||||
CVE-2018-8786 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. | |||||
CVE-2019-7310 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. | |||||
CVE-2018-10887 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. | |||||
CVE-2018-5251 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
CVE-2017-17446 | 1 Game-music-emu Project | 1 Game-music-emu | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2017-12140 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. |