Max CVSS 9.3 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-19232 5.0
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulne
05-08-2024 - 02:16 19-12-2019 - 21:15
CVE-2020-10673 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
03-07-2024 - 01:36 18-03-2020 - 22:15
CVE-2020-5395 6.8
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
08-03-2024 - 01:15 03-01-2020 - 20:15
CVE-2019-11324 5.0
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure i
08-10-2023 - 14:15 18-04-2019 - 21:29
CVE-2019-14907 2.6
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such st
14-09-2023 - 17:15 21-01-2020 - 18:15
CVE-2019-13038 4.3
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
13-03-2023 - 00:15 29-06-2019 - 14:15
CVE-2019-14973 4.3
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application cras
02-03-2023 - 17:53 14-08-2019 - 06:15
CVE-2019-16056 5.0
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and imple
28-02-2023 - 14:30 06-09-2019 - 18:15
CVE-2019-17451 4.3
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
27-02-2023 - 15:32 10-10-2019 - 17:15
CVE-2018-10910 2.1
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication
13-02-2023 - 04:51 28-01-2019 - 15:29
CVE-2020-1726 5.8
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with a
12-02-2023 - 23:40 11-02-2020 - 20:15
CVE-2019-14834 4.3
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
12-02-2023 - 23:34 07-01-2020 - 17:15
CVE-2020-10699 7.2
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate
16-11-2022 - 03:11 15-04-2020 - 14:15
CVE-2019-19126 2.1
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping ad
08-11-2022 - 03:16 19-11-2019 - 22:15
CVE-2019-14818 5.0
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM me
07-11-2022 - 19:45 14-11-2019 - 17:15
CVE-2019-11498 4.3
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file
07-10-2022 - 13:44 24-04-2019 - 05:29
CVE-2019-5094 4.6
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition
27-06-2022 - 17:23 24-09-2019 - 22:15
CVE-2019-14822 3.6
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to inter
07-06-2022 - 18:41 25-11-2019 - 12:15
CVE-2019-18934 6.8
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ips
22-04-2022 - 19:57 19-11-2019 - 18:15
CVE-2019-9640 5.0
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
05-04-2022 - 20:48 09-03-2019 - 00:29
CVE-2019-3844 4.6
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker
31-01-2022 - 18:52 26-04-2019 - 21:29
CVE-2019-13456 2.9
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the pa
01-01-2022 - 20:06 03-12-2019 - 20:15
CVE-2019-14563 4.6
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
01-01-2022 - 18:11 23-11-2020 - 17:15
CVE-2019-17042 7.5
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account fo
06-12-2021 - 18:12 07-10-2019 - 16:15
CVE-2019-1010305 4.3
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm
30-11-2021 - 18:50 15-07-2019 - 15:15
CVE-2019-5482 7.5
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
03-11-2021 - 19:34 16-09-2019 - 19:15
CVE-2019-8457 7.5
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
31-07-2021 - 08:15 30-05-2019 - 16:29
CVE-2019-1563 4.3
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decryp
31-07-2021 - 08:15 10-09-2019 - 17:15
CVE-2019-1010180 6.8
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging.
21-07-2021 - 11:39 24-07-2019 - 13:15
CVE-2019-8696 6.5
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execu
30-10-2020 - 02:22 27-10-2020 - 20:15
CVE-2018-19662 5.8
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
29-10-2020 - 19:15 29-11-2018 - 08:29
CVE-2019-6477 5.0
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resourc
20-10-2020 - 12:15 26-11-2019 - 16:15
CVE-2019-15043 5.0
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
04-10-2020 - 18:15 03-09-2019 - 12:15
CVE-2020-1726 5.8
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with a
28-09-2020 - 15:15 11-02-2020 - 20:15
CVE-2019-14973 4.3
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application cras
28-09-2020 - 15:15 14-08-2019 - 06:15
CVE-2019-15847 5.0
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operati
17-09-2020 - 13:38 02-09-2019 - 23:15
CVE-2019-9143 6.8
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly h
24-08-2020 - 17:37 25-02-2019 - 15:29
CVE-2019-9854 6.8
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Script
24-08-2020 - 17:37 06-09-2019 - 19:15
CVE-2018-19519 4.3
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
24-08-2020 - 17:37 25-11-2018 - 20:29
CVE-2018-12085 6.8
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
24-08-2020 - 17:37 09-06-2018 - 11:29
CVE-2019-13232 2.1
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
16-06-2020 - 18:25 04-07-2019 - 13:15
CVE-2019-11596 5.0
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
26-05-2020 - 16:15 29-04-2019 - 15:29
CVE-2019-19330 7.5
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
01-04-2020 - 21:15 27-11-2019 - 16:15
CVE-2020-10696 9.3
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user
01-04-2020 - 13:18 31-03-2020 - 22:15
CVE-2019-3696 4.4
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module f
24-03-2020 - 14:00 03-03-2020 - 11:15
CVE-2020-7053 4.6
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is relate
30-01-2020 - 16:15 14-01-2020 - 21:15
CVE-2019-3825 6.9
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to
09-10-2019 - 23:49 06-02-2019 - 20:29
CVE-2018-9251 2.6
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnera
03-10-2019 - 00:03 04-04-2018 - 02:29
CVE-2019-13636 5.8
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
24-07-2019 - 17:15 17-07-2019 - 21:15
CVE-2019-13045 6.8
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
03-07-2019 - 15:15 29-06-2019 - 14:15
CVE-2018-15587 4.3
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
10-06-2019 - 07:29 11-02-2019 - 17:29
CVE-2018-17828 5.8
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
28-11-2018 - 15:00 01-10-2018 - 08:29
CVE-2018-7263 6.8
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: thi
19-03-2018 - 18:34 20-02-2018 - 21:29
Back to Top Mark selected
Back to Top