Total
9138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16220 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. | |||||
| CVE-2019-16219 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.3 allows XSS in shortcode previews. | |||||
| CVE-2019-16218 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.3 allows XSS in stored comments. | |||||
| CVE-2019-16217 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | |||||
| CVE-2019-16201 | 2 Debian, Ruby-lang | 2 Debian Linux, Ruby | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. | |||||
| CVE-2019-16168 | 8 Canonical, Debian, Fedoraproject and 5 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | |||||
| CVE-2019-16167 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | |||||
| CVE-2019-16163 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | |||||
| CVE-2019-16159 | 4 Debian, Fedoraproject, Nic and 1 more | 4 Debian Linux, Fedora, Bird and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | |||||
| CVE-2019-16056 | 7 Canonical, Debian, Fedoraproject and 4 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | |||||
| CVE-2019-15961 | 4 Canonical, Cisco, Clamav and 1 more | 4 Ubuntu Linux, Email Security Appliance Firmware, Clamav and 1 more | 2024-11-21 | 7.1 HIGH | 7.5 HIGH |
| A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. | |||||
| CVE-2019-15946 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
| OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | |||||
| CVE-2019-15945 | 3 Debian, Fedoraproject, Opensc Project | 3 Debian Linux, Fedora, Opensc | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
| OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. | |||||
| CVE-2019-15939 | 3 Debian, Opencv, Opensuse | 3 Debian Linux, Opencv, Leap | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. | |||||
| CVE-2019-15926 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. | |||||
| CVE-2019-15917 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. | |||||
| CVE-2019-15902 | 4 Debian, Linux, Netapp and 1 more | 7 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 4 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
| A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | |||||
| CVE-2019-15892 | 3 Debian, Varnish-software, Varnish Cache Project | 3 Debian Linux, Varnish Cache, Varnish Cache | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. | |||||
| CVE-2019-15846 | 2 Debian, Exim | 2 Debian Linux, Exim | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | |||||
| CVE-2019-15807 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | |||||