CVEs (1,898)
| VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|
| 2 (Gnu, Opensuse) | 3 (Backports Sle, Leap, Libredwg) | Nov 21, 2024 | Dec 27, 2019 | v4: N/A · v3: 6.5 MEDIUM · v2: 4.3 MEDIUM | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. |
| 2 (Gnu, Opensuse) | 3 (Backports Sle, Leap, Libredwg) | Nov 21, 2024 | Dec 27, 2019 | v4: N/A · v3: 6.5 MEDIUM · v2: 4.3 MEDIUM | An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. |
| 2 (Gnu, Opensuse) | 3 (Backports Sle, Leap, Libredwg) | Nov 21, 2024 | Dec 27, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. |
| 2 (Gnu, Opensuse) | 3 (Backports Sle, Leap, Libredwg) | Nov 21, 2024 | Dec 27, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. |
| 2 (Gnu, Opensuse) | 3 (Backports Sle, Leap, Libredwg) | Nov 21, 2024 | Dec 27, 2019 | v4: N/A · v3: 6.5 MEDIUM · v2: 4.3 MEDIUM | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. |
| 2 (Opensuse, Tigervnc) | 2 (Leap, Tigervnc) | Nov 21, 2024 | Dec 26, 2019 | v4: N/A · v3: 7.2 HIGH · v2: 6.5 MEDIUM | TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote at... |
| 2 (Opensuse, Tigervnc) | 2 (Leap, Tigervnc) | Nov 21, 2024 | Dec 26, 2019 | v4: N/A · v3: 7.2 HIGH · v2: 6.5 MEDIUM | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signedness error in processing MemOutStream. Exploitation of... |
| 2 (Opensuse, Tigervnc) | 2 (Leap, Tigervnc) | Nov 21, 2024 | Dec 26, 2019 | v4: N/A · v3: 7.2 HIGH · v2: 6.5 MEDIUM | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result int... |
| 2 (Opensuse, Tigervnc) | 2 (Leap, Tigervnc) | Nov 21, 2024 | Dec 26, 2019 | v4: N/A · v3: 7.2 HIGH · v2: 6.5 MEDIUM | TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access st... |
| 4 (Debian, Linux, Netapp, +1 more) | 13 (Active Iq Unified Manager, Aff Baseboard Management Controller, Cloud Backup, +10 more) | Nov 21, 2024 | Dec 25, 2019 | v4: N/A · v3: 4.6 MEDIUM · v2: 2.1 LOW | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. |
| 5 (Canonical, Debian, Linux, +2 more) | 16 (8300 Firmware, 8700 Firmware, A400 Firmware, +13 more) | Nov 21, 2024 | Dec 25, 2019 | v4: N/A · v3: 4.7 MEDIUM · v2: 1.9 LOW | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f7... |
| 8 (Debian, Netapp, Opensuse, +5 more) | 11 (Backports Sle, Cloud Backup, Debian Linux, +8 more) | Nov 21, 2024 | Dec 24, 2019 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. |
| 8 (Debian, Netapp, Opensuse, +5 more) | 11 (Backports Sle, Cloud Backup, Debian Linux, +8 more) | Nov 21, 2024 | Dec 24, 2019 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). |
| 3 (Debian, Graphicsmagick, Opensuse) | 4 (Backports, Debian Linux, Graphicsmagick, +1 more) | Nov 21, 2024 | Dec 24, 2019 | v4: N/A · v3: 9.1 CRITICAL · v2: 6.4 MEDIUM | In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. |
| 3 (Debian, Graphicsmagick, Opensuse) | 4 (Backports, Debian Linux, Graphicsmagick, +1 more) | Nov 21, 2024 | Dec 24, 2019 | v4: N/A · v3: 9.8 CRITICAL · v2: 7.5 HIGH | In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. |
| 3 (Debian, Graphicsmagick, Opensuse) | 4 (Backports, Debian Linux, Graphicsmagick, +1 more) | Nov 21, 2024 | Dec 24, 2019 | v4: N/A · v3: 9.8 CRITICAL · v2: 7.5 HIGH | In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. |
| 4 (Canonical, Debian, Imagemagick, +1 more) | 4 (Debian Linux, Imagemagick, Leap, +1 more) | Nov 21, 2024 | Dec 24, 2019 | v4: N/A · v3: 9.1 CRITICAL · v2: 6.4 MEDIUM | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. |
| 4 (Canonical, Debian, Imagemagick, +1 more) | 4 (Debian Linux, Imagemagick, Leap, +1 more) | Nov 21, 2024 | Dec 24, 2019 | v4: N/A · v3: 9.8 CRITICAL · v2: 7.5 HIGH | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. |
| 6 (Apache, Canonical, Debian, +3 more) | 6 (Debian Linux, Leap, Oncommand System Manager, +3 more) | Nov 21, 2024 | Dec 23, 2019 | v4: N/A · v3: 7.0 HIGH · v2: 4.4 MEDIUM | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manip... |
| 5 (Apache, Canonical, Debian, +2 more) | 11 (Agile Engineering Data Management, Debian Linux, Hyperion Infrastructure Technology, +8 more) | Nov 21, 2024 | Dec 23, 2019 | v4: N/A · v3: 7.5 HIGH · v2: 5.1 MEDIUM | When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too... |