Total
10972 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1010297 | 1 Linaro | 1 Op-tee | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010296 | 1 Linaro | 1 Op-tee | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010295 | 1 Linaro | 1 Op-tee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010293 | 1 Linaro | 1 Op-tee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2019-1010292 | 1 Linaro | 1 Op-tee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. | |||||
| CVE-2019-1010258 | 1 Nanosvg Project | 1 Nanosvg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file. | |||||
| CVE-2019-1010238 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. | |||||
| CVE-2019-1010232 | 1 Juniper | 1 Libslax | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018) is affected by: Buffer Overflow. The impact is: remote dos. The component is: slaxlexer.c:601(funtion:slaxGetInput). The attack vector is: ./slaxproc --slax-to-xslt POC0. | |||||
| CVE-2019-1010228 | 2 Fedoraproject, Offis | 2 Fedora, Dcmtk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e. | |||||
| CVE-2019-1010218 | 1 Cherokee-project | 1 Cherokee Web Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version is: There's no fix yet. | |||||
| CVE-2019-1010176 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0. | |||||
| CVE-2019-1010163 | 1 Socusoft | 1 Photo 2 Video Converter | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley). | |||||
| CVE-2019-1010057 | 3 Debian, Fedoraproject, Nfdump Project | 3 Debian Linux, Fedora, Nfdump | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e. | |||||
| CVE-2019-1010044 | 1 Archivesunleashed | 1 Graphpass | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable. | |||||
| CVE-2019-1010043 | 1 Quake3e Project | 1 Quake3e | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation. | |||||
| CVE-2019-1010039 | 1 Ulaunchelf Project | 1 Ulaunchelf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line. | |||||
| CVE-2019-1010038 | 1 Openmodelica | 1 Omcompiler | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable. | |||||
| CVE-2019-1010006 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Evince and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. | |||||
| CVE-2019-1000006 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity. | |||||
| CVE-2019-0993 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | |||||