Total
1918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20919 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. | |||||
| CVE-2019-20839 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||||
| CVE-2019-2938 | 6 Canonical, Fedoraproject, Mariadb and 3 more | 9 Ubuntu Linux, Fedora, Mariadb and 6 more | 2023-11-07 | 3.5 LOW | 4.4 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2974 | 5 Canonical, Fedoraproject, Mariadb and 2 more | 5 Ubuntu Linux, Fedora, Mariadb and 2 more | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-20787 | 2 Opensuse, Teeworlds | 2 Leap, Teeworlds | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. | |||||
| CVE-2019-2805 | 6 Canonical, Fedoraproject, Mariadb and 3 more | 11 Ubuntu Linux, Fedora, Mariadb and 8 more | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-20382 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-11-07 | 2.7 LOW | 3.5 LOW |
| QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. | |||||
| CVE-2019-1559 | 13 Canonical, Debian, F5 and 10 more | 90 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 87 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). | |||||
| CVE-2019-1351 | 2 Microsoft, Opensuse | 3 Visual Studio 2017, Visual Studio 2019, Leap | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | |||||
| CVE-2019-1348 | 2 Git-scm, Opensuse | 2 Git, Leap | 2023-11-07 | 3.6 LOW | 3.3 LOW |
| An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. | |||||
| CVE-2019-1551 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). | |||||
| CVE-2019-1353 | 2 Git-scm, Opensuse | 2 Git, Leap | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. | |||||
| CVE-2019-19056 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. | |||||
| CVE-2019-18804 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. | |||||
| CVE-2019-19583 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. | |||||
| CVE-2019-19918 | 3 Fedoraproject, Lout Project, Opensuse | 4 Fedora, Lout, Backports Sle and 1 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. | |||||
| CVE-2019-19068 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 4.9 MEDIUM | 4.6 MEDIUM |
| A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. | |||||
| CVE-2019-19062 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. | |||||
| CVE-2019-19063 | 7 Broadcom, Canonical, Fedoraproject and 4 more | 20 Brocade Fabric Operating System Firmware, Ubuntu Linux, Fedora and 17 more | 2023-11-07 | 4.9 MEDIUM | 4.6 MEDIUM |
| Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. | |||||
| CVE-2019-19451 | 3 Fedoraproject, Gnome, Opensuse | 3 Fedora, Dia, Leap | 2023-11-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. | |||||