| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-1010319 |
908 |
|
|
2019-07-11 |
2021-02-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. |
|
2 |
CVE-2019-1010317 |
908 |
|
|
2019-07-11 |
2021-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. |
|
3 |
CVE-2019-1010238 |
787 |
|
Exec Code Overflow |
2019-07-19 |
2022-04-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. |
|
4 |
CVE-2019-20367 |
125 |
|
|
2020-01-08 |
2021-04-01 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). |
|
5 |
CVE-2019-19844 |
640 |
|
|
2019-12-18 |
2020-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
|
6 |
CVE-2019-19534 |
909 |
|
|
2019-12-03 |
2022-03-31 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. |
|
7 |
CVE-2019-19529 |
416 |
|
|
2019-12-03 |
2020-08-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. |
|
8 |
CVE-2019-19344 |
416 |
|
|
2020-01-21 |
2020-03-25 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. |
|
9 |
CVE-2019-19330 |
74 |
|
|
2019-11-27 |
2020-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. |
|
10 |
CVE-2019-19244 |
|
|
|
2019-11-25 |
2022-04-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. |
|
11 |
CVE-2019-19242 |
476 |
|
|
2019-11-27 |
2022-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. |
|
12 |
CVE-2019-19083 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1. |
|
13 |
CVE-2019-19082 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad. |
|
14 |
CVE-2019-19076 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted. |
|
15 |
CVE-2019-19072 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6. |
|
16 |
CVE-2019-19067 |
401 |
|
DoS |
2019-11-18 |
2020-09-25 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading. |
|
17 |
CVE-2019-19065 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
** DISPUTED ** A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because "rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant problem)." |
|
18 |
CVE-2019-19055 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. |
|
19 |
CVE-2019-19045 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7. |
|
20 |
CVE-2019-18804 |
476 |
|
|
2019-11-07 |
2022-03-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. |
|
21 |
CVE-2019-18679 |
200 |
|
Exec Code +Info |
2019-11-26 |
2020-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. |
|
22 |
CVE-2019-18678 |
444 |
|
|
2019-11-26 |
2020-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon. |
|
23 |
CVE-2019-18677 |
352 |
|
|
2019-11-26 |
2020-07-11 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. |
|
24 |
CVE-2019-18676 |
787 |
|
DoS Overflow |
2019-11-26 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme. |
|
25 |
CVE-2019-18660 |
200 |
|
+Info |
2019-11-27 |
2020-01-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. |
|
26 |
CVE-2019-18609 |
787 |
|
Overflow Mem. Corr. |
2019-12-01 |
2022-01-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer. |
|
27 |
CVE-2019-18408 |
416 |
|
|
2019-10-24 |
2019-11-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. |
|
28 |
CVE-2019-18218 |
787 |
|
Overflow |
2019-10-21 |
2021-09-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). |
|
29 |
CVE-2019-18197 |
416 |
|
|
2019-10-18 |
2020-08-24 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. |
|
30 |
CVE-2019-17544 |
125 |
|
|
2019-10-14 |
2021-08-02 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. |
|
31 |
CVE-2019-17266 |
125 |
|
|
2019-10-06 |
2019-11-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. |
|
32 |
CVE-2019-17134 |
287 |
|
Bypass |
2019-10-08 |
2019-11-06 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED. |
|
33 |
CVE-2019-17055 |
862 |
|
|
2019-10-01 |
2022-03-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
|
34 |
CVE-2019-17025 |
787 |
|
Mem. Corr. |
2020-01-08 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. |
|
35 |
CVE-2019-17024 |
787 |
|
Mem. Corr. |
2020-01-08 |
2022-04-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
|
36 |
CVE-2019-17023 |
287 |
|
|
2020-01-08 |
2020-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. |
|
37 |
CVE-2019-17022 |
79 |
|
XSS |
2020-01-08 |
2020-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
|
38 |
CVE-2019-17020 |
20 |
|
Bypass |
2020-01-08 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72. |
|
39 |
CVE-2019-17017 |
843 |
|
|
2020-01-08 |
2020-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
|
40 |
CVE-2019-17016 |
79 |
|
XSS |
2020-01-08 |
2020-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
|
41 |
CVE-2019-16928 |
787 |
|
Exec Code Overflow |
2019-09-27 |
2022-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. |
|
42 |
CVE-2019-16866 |
755 |
|
|
2019-10-03 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. |
|
43 |
CVE-2019-16714 |
909 |
|
+Info |
2019-09-23 |
2022-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. |
|
44 |
CVE-2019-16713 |
401 |
|
|
2019-09-23 |
2022-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. |
|
45 |
CVE-2019-16711 |
401 |
|
|
2019-09-23 |
2022-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. |
|
46 |
CVE-2019-16710 |
401 |
|
|
2019-09-23 |
2022-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. |
|
47 |
CVE-2019-16709 |
401 |
|
|
2019-09-23 |
2022-01-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. |
|
48 |
CVE-2019-16708 |
401 |
|
|
2019-09-23 |
2022-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. |
|
49 |
CVE-2019-16275 |
346 |
|
DoS |
2019-09-12 |
2020-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. |
|
50 |
CVE-2019-16233 |
476 |
|
|
2019-09-11 |
2020-05-06 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. |
