Total
381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-4026 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-08-05 | 7.5 High |
| An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot. | ||||
| CVE-2019-20175 | 1 Qemu | 1 Qemu | 2024-08-05 | 7.5 High |
| An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert. | ||||
| CVE-2019-1010239 | 2 Cjson Project, Oracle | 2 Cjson, Timesten In-memory Database | 2024-08-05 | 7.5 High |
| DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later. | ||||
| CVE-2019-19646 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2024-08-05 | 9.8 Critical |
| pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | ||||
| CVE-2019-17257 | 1 Irfanview | 1 Irfanview | 2024-08-05 | 5.5 Medium |
| IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80. | ||||
| CVE-2019-15900 | 1 Doas Project | 1 Doas | 2024-08-05 | 9.8 Critical |
| An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root. | ||||
| CVE-2019-15695 | 3 Opensuse, Redhat, Tigervnc | 3 Leap, Enterprise Linux, Tigervnc | 2024-08-05 | 7.2 High |
| TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | ||||
| CVE-2019-14891 | 3 Fedoraproject, Kubernetes, Redhat | 4 Fedora, Cri-o, Openshift and 1 more | 2024-08-05 | 5.0 Medium |
| A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. | ||||
| CVE-2019-14607 | 1 Intel | 756 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 753 more | 2024-08-05 | 5.3 Medium |
| Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-11779 | 5 Canonical, Debian, Eclipse and 2 more | 6 Ubuntu Linux, Debian Linux, Mosquitto and 3 more | 2024-08-04 | 6.5 Medium |
| In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | ||||
| CVE-2019-11459 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-08-04 | 5.5 Medium |
| The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | ||||
| CVE-2019-11139 | 3 Debian, Intel, Opensuse | 116 Debian Linux, Xeon 3104, Xeon 3104 Firmware and 113 more | 2024-08-04 | 6.0 Medium |
| Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2019-11165 | 1 Intel | 1 Field Programmable Gate Array Software Development Kit For Opencl | 2024-08-04 | 5.5 Medium |
| Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2019-10051 | 1 Suricata-ids | 1 Suricata | 2024-08-04 | N/A |
| An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes. | ||||
| CVE-2019-9633 | 1 Gnome | 1 Glib | 2024-08-04 | N/A |
| gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | ||||
| CVE-2019-8960 | 1 Flexera | 1 Flexnet Publisher | 2024-08-04 | 7.5 High |
| A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination. | ||||
| CVE-2019-7167 | 1 Z.cash | 1 Zcash | 2024-08-04 | N/A |
| Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. | ||||
| CVE-2019-6857 | 1 Schneider-electric | 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more | 2024-08-04 | 7.5 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. | ||||
| CVE-2019-6856 | 1 Schneider-electric | 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more | 2024-08-04 | 7.5 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. | ||||
| CVE-2019-6833 | 1 Schneider-electric | 49 Hmig2u, Hmig3u, Hmig3ufc and 46 more | 2024-08-04 | 6.5 Medium |
| A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. | ||||