Total
11936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24342 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | |||||
| CVE-2020-15564 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2023-11-07 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. | |||||
| CVE-2020-15563 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2023-11-07 | 4.7 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability. | |||||
| CVE-2020-14392 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. | |||||
| CVE-2020-11865 | 3 Fedoraproject, Libemf Project, Opensuse | 3 Fedora, Libemf, Leap | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. | |||||
| CVE-2019-9895 | 3 Fedoraproject, Opengroup, Putty | 3 Fedora, Unix, Putty | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | |||||
| CVE-2019-8383 | 4 Advancemame, Debian, Fedoraproject and 1 more | 6 Advancecomp, Debian Linux, Fedora and 3 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | |||||
| CVE-2019-8381 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-7524 | 4 Canonical, Debian, Dovecot and 1 more | 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. | |||||
| CVE-2019-7165 | 3 Debian, Dosbox, Fedoraproject | 3 Debian Linux, Dosbox, Fedora | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. | |||||
| CVE-2019-5762 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | |||||
| CVE-2019-3634 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2023-11-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory. | |||||
| CVE-2019-3633 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2023-11-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. | |||||
| CVE-2019-3598 | 1 Mcafee | 1 Agent | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets. | |||||
| CVE-2019-19601 | 1 Opendetex Project | 1 Opendetex | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf. | |||||
| CVE-2019-19581 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2023-11-07 | 2.1 LOW | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable. | |||||
| CVE-2019-19481 | 1 Opensc Project | 1 Opensc | 2023-11-07 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | |||||
| CVE-2019-16707 | 2 Fedoraproject, Hunspell Project | 2 Fedora, Hunspell | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | |||||
| CVE-2019-15946 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2023-11-07 | 4.4 MEDIUM | 6.4 MEDIUM |
| OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | |||||
| CVE-2019-15945 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2023-11-07 | 4.4 MEDIUM | 6.4 MEDIUM |
| OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. | |||||