Export limit exceeded: 16271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6778 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 7 Ubuntu Linux, Fedora, Leap and 4 more | 2024-11-21 | N/A |
| In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | ||||
| CVE-2019-6706 | 3 Canonical, Lua, Redhat | 3 Ubuntu Linux, Lua, Enterprise Linux | 2024-11-21 | 7.5 High |
| Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. | ||||
| CVE-2019-6501 | 3 Fedoraproject, Qemu, Redhat | 5 Fedora, Qemu, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. | ||||
| CVE-2019-6477 | 3 Fedoraproject, Isc, Redhat | 3 Fedora, Bind, Enterprise Linux | 2024-11-21 | 7.5 High |
| With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). | ||||
| CVE-2019-6471 | 3 F5, Isc, Redhat | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 15 more | 2024-11-21 | 5.9 Medium |
| A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. | ||||
| CVE-2019-6465 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. | ||||
| CVE-2019-6454 | 8 Canonical, Debian, Fedoraproject and 5 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). | ||||
| CVE-2019-6251 | 7 Canonical, Fedoraproject, Gnome and 4 more | 7 Ubuntu Linux, Fedora, Epiphany and 4 more | 2024-11-21 | N/A |
| WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. | ||||
| CVE-2019-6237 | 2 Apple, Redhat | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-11-21 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-6133 | 4 Canonical, Debian, Polkit Project and 1 more | 12 Ubuntu Linux, Debian Linux, Polkit and 9 more | 2024-11-21 | N/A |
| In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. | ||||
| CVE-2019-6116 | 6 Artifex, Canonical, Debian and 3 more | 12 Ghostscript, Ubuntu Linux, Debian Linux and 9 more | 2024-11-21 | 7.8 High |
| In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | ||||
| CVE-2019-6109 | 9 Canonical, Debian, Fedoraproject and 6 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-11-21 | 6.8 Medium |
| An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | ||||
| CVE-2019-5953 | 2 Gnu, Redhat | 6 Wget, Enterprise Linux, Rhel Aus and 3 more | 2024-11-21 | N/A |
| Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. | ||||
| CVE-2019-5827 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 8.8 High |
| Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5798 | 6 Canonical, Debian, Google and 3 more | 8 Ubuntu Linux, Debian Linux, Chrome and 5 more | 2024-11-21 | 6.5 Medium |
| Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2019-5785 | 2 Google, Redhat | 2 Chrome, Enterprise Linux | 2024-11-21 | N/A |
| Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | ||||
| CVE-2019-5782 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||||
| CVE-2019-5781 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||||
| CVE-2019-5780 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Macos, Debian Linux, Fedora and 5 more | 2024-11-21 | N/A |
| Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | ||||
| CVE-2019-5779 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||||