Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11779 | 5 Canonical, Debian, Eclipse and 2 more | 6 Ubuntu Linux, Debian Linux, Mosquitto and 3 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | |||||
| CVE-2019-9495 | 6 Debian, Fedoraproject, Freebsd and 3 more | 9 Debian Linux, Fedora, Freebsd and 6 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. | |||||
| CVE-2019-5796 | 2 Google, Opensuse | 3 Chrome, Backports Sle, Leap | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
| Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5052 | 4 Canonical, Debian, Libsdl and 1 more | 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | |||||
| CVE-2019-12098 | 4 Debian, Fedoraproject, Heimdal Project and 1 more | 5 Debian Linux, Fedora, Heimdal and 2 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. | |||||
| CVE-2019-9752 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. | |||||
| CVE-2019-5051 | 4 Canonical, Debian, Libsdl and 1 more | 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | |||||
| CVE-2019-9494 | 5 Fedoraproject, Freebsd, Opensuse and 2 more | 8 Fedora, Freebsd, Backports Sle and 5 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. | |||||
| CVE-2019-5060 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-9777 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec. | |||||
| CVE-2019-9778 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec. | |||||
| CVE-2019-5057 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-11007 | 4 Canonical, Debian, Graphicsmagick and 1 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | |||||
| CVE-2019-10740 | 3 Fedoraproject, Opensuse, Roundcube | 4 Fedora, Backports Sle, Leap and 1 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
| CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | |||||
| CVE-2019-14274 | 2 Mcpp Project, Opensuse | 3 Mcpp, Backports Sle, Leap | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. | |||||
| CVE-2019-5794 | 2 Google, Opensuse | 3 Chrome, Backports Sle, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-5802 | 2 Google, Opensuse | 3 Chrome, Backports Sle, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-11474 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | |||||
| CVE-2019-5059 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||