Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-5460

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-30 Jul, 2019 | 20:38
Updated At-04 Aug, 2024 | 19:54
Rejected At-
Credits

Double Free in VLC versions <= 3.0.6 leads to a crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:30 Jul, 2019 | 20:38
Updated At:04 Aug, 2024 | 19:54
Rejected At:
ā–¼CVE Numbering Authority (CNA)

Double Free in VLC versions <= 3.0.6 leads to a crash.

Affected Products
Vendor
n/a
Product
VLC Media Player
Versions
Affected
  • Fixed in 3.0.7
Problem Types
TypeCWE IDDescription
CWECWE-415Double Free (CWE-415)
Type: CWE
CWE ID: CWE-415
Description: Double Free (CWE-415)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://hackerone.com/reports/503208
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
vendor-advisory
x_refsource_SUSE
Hyperlink: https://hackerone.com/reports/503208
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
Resource:
vendor-advisory
x_refsource_SUSE
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://hackerone.com/reports/503208
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://hackerone.com/reports/503208
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:30 Jul, 2019 | 21:15
Updated At:03 Mar, 2023 | 17:50

Double Free in VLC versions <= 3.0.6 leads to a crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches

VideoLAN
videolan
>>vlc_media_player>>Versions up to 3.0.6(inclusive)
cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
openSUSE
opensuse
>>backports>>sle-15
cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*
openSUSE
opensuse
>>backports>>sle-15
cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-415Primarynvd@nist.gov
CWE-415Secondarysupport@hackerone.com
CWE ID: CWE-415
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-415
Type: Secondary
Source: support@hackerone.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.htmlsupport@hackerone.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.htmlsupport@hackerone.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.htmlsupport@hackerone.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.htmlsupport@hackerone.com
Mailing List
Third Party Advisory
https://hackerone.com/reports/503208support@hackerone.com
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
Source: support@hackerone.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
Source: support@hackerone.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
Source: support@hackerone.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
Source: support@hackerone.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://hackerone.com/reports/503208
Source: support@hackerone.com
Resource:
Exploit
Issue Tracking
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

294Records found

CVE-2015-5203
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.93% / 77.70%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Action-Not Available
Vendor-n/aJasPeropenSUSEFedora Project
Product-leapfedorajasperopensusen/a
CWE ID-CWE-415
Double Free
CVE-2020-17498
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.89% / 85.34%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 15:55
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

Action-Not Available
Vendor-n/aWireshark FoundationOracle CorporationFedora ProjectopenSUSE
Product-wiresharkfedorazfs_storage_appliance_kitleapn/a
CWE ID-CWE-415
Double Free
CVE-2019-9209
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.40% / 69.40%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

Action-Not Available
Vendor-n/aCanonical Ltd.Wireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkubuntu_linuxdebian_linuxleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-193
Off-by-one Error
CVE-2020-15209
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.80% / 52.50%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:45
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in tensorflow-lite

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15999
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-50.63% / 98.80%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 00:00
Updated-24 Oct, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-freetypeDebian GNU/LinuxopenSUSENetApp, Inc.Fedora ProjectGoogle LLC
Product-debian_linuxbackports_slefreetypeontap_select_deploy_administration_utilityfedorachromeChromeChrome FreeType
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14578
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-4.04% / 89.49%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSEMcAfee, LLC
Product-steelstore_cloud_integrated_storageactive_iq_unified_managerstoragegridsantricity_unified_managere-series_performance_analyzeroncommand_workflow_automationepolicy_orchestratorcloud_secure_agent7-mode_transition_toolubuntu_linuxopenjdksnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxjreoncommand_insightJava
CVE-2016-8569
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.84% / 76.56%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

Action-Not Available
Vendor-libgit2_projectn/aopenSUSEFedora ProjectSUSE
Product-linux_enterpriselibgit2leapfedoraopensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14779
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-3.76% / 88.69%
||
7 Day CHG+0.04%
Published-21 Oct, 2020 | 14:04
Updated-27 May, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationopenSUSE
Product-active_iq_unified_managersantricity_cloud_connectorsantricity_unified_managersolidfire7-mode_transition_toolopenjdkjresnapmanagerleaponcommand_unified_manager_core_packagejdke-series_santricity_storage_managerfedorae-series_santricity_os_controllere-series_santricity_web_serviceshci_storage_nodedebian_linuxhci_management_nodeoncommand_insightJava SE JDK and JRE
CVE-2020-13143
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.50% / 90.44%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 17:50
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

Action-Not Available
Vendor-n/aNetApp, Inc.Canonical Ltd.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-ubuntu_linuxbootstrap_osa700s_firmwarecloud_backuph300s_firmwareh410c_firmwareh410sh610s_firmwareh300shci_compute_nodesolidfire_baseboard_management_controllersteelstore_cloud_integrated_storageh300e_firmwareh610sh500ehci_management_nodeh500s_firmwareh500e_firmwarea700sh700eh610c_firmwareh610cleaph300eh500sh615c_firmwareactive_iq_unified_managerelement_softwaresolidfiredebian_linuxlinux_kernelh410s_firmwareh700s_firmwareh615ch410ch700e_firmwaresolidfire_baseboard_management_controller_firmwareh700sn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.23% / 65.67%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 15:09
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).

Action-Not Available
Vendor-libemf_projectn/aopenSUSEFedora Project
Product-libemffedoraleapn/a
CVE-2020-11993
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-58.72% / 99.00%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 15:32
Updated-01 May, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.The Apache Software FoundationOracle CorporationopenSUSEDebian GNU/LinuxNetApp, Inc.
Product-ubuntu_linuxcommunications_session_route_managerdebian_linuxfedoracommunications_element_managercommunications_session_report_managerhyperion_infrastructure_technologyhttp_serverleapzfs_storage_appliance_kitenterprise_manager_ops_centerinstantis_enterprisetrackclustered_data_ontapApache HTTP Server
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2020-11765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.70% / 74.67%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:41
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-193
Off-by-one Error
CVE-2020-11764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.79% / 75.84%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:41
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11760
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.81% / 76.14%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:42
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.81% / 76.14%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:42
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-10711
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-3.10% / 86.28%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 14:09
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-3scaleubuntu_linuxdebian_linuxlinux_kernelopenstackvirtualization_hostenterprise_linuxenterprise_linux_ausenterprise_linux_server_tusmessaging_realtime_gridleapKernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-7150
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.39% / 69.23%
||
7 Day CHG~0.00%
Published-29 Jan, 2019 | 00:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

Action-Not Available
Vendor-elfutils_projectn/aCanonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxelfutilsenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-7665
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.37% / 68.77%
||
7 Day CHG~0.00%
Published-09 Feb, 2019 | 16:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

Action-Not Available
Vendor-elfutils_projectn/aCanonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxelfutilsenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-8568
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.90% / 77.39%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

Action-Not Available
Vendor-libgit2_projectn/aopenSUSEFedora ProjectSUSE
Product-linux_enterpriselibgit2leapfedoraopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-8688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.98% / 78.31%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.

Action-Not Available
Vendor-n/alibarchiveopenSUSE
Product-leaplibarchiven/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-7663
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.37% / 87.41%
||
7 Day CHG~0.00%
Published-09 Feb, 2019 | 16:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

Action-Not Available
Vendor-n/aopenSUSELibTIFFDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxlibtiffdebian_linuxleapn/a
CVE-2019-5163
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-2.29% / 81.28%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 21:55
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.

Action-Not Available
Vendor-shadowsocksn/aopenSUSE
Product-shadowsocks-libevbackportsleapShadowsocks
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-5805
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 70.55%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5439
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-5.29% / 91.67%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:38
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.

Action-Not Available
Vendor-n/aVideoLAN
Product-vlc_media_playerVLC Media Player
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-5845
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 69.35%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 22:35
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5844
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 69.35%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 22:35
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5846
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 69.35%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 22:35
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-6265
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.63% / 73.56%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

Action-Not Available
Vendor-n/aArtifex Software Inc.openSUSE
Product-leapmupdfopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2019-2962
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-3.53% / 87.96%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2019-2988
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-3.28% / 87.07%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2019-2964
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-3.53% / 87.96%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2019-2978
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-3.28% / 87.07%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxactive_iq_unified_managersatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2019-2992
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-3.47% / 87.75%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapJava
CVE-2019-20012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.36% / 68.57%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 00:15
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2011-3040
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.71% / 74.74%
||
7 Day CHG+0.01%
Published-05 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLC
Product-itunesiphone_ossafarichromeopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-20053
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.23% / 65.49%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 21:59
Updated-11 Apr, 2025 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

Action-Not Available
Vendor-upxn/aopenSUSE
Product-upxleapbackportsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-20446
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.12% / 79.85%
||
7 Day CHG~0.00%
Published-02 Feb, 2020 | 00:00
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxopenSUSEThe GNOME ProjectNetApp, Inc.Fedora Project
Product-ubuntu_linuxdebian_linuxlibrsvgfedoraactive_iq_unified_managerleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-20013
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.37% / 68.90%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 00:14
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2016-6132
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.27% / 87.01%
||
7 Day CHG~0.00%
Published-12 Aug, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Action-Not Available
Vendor-libgdn/aDebian GNU/LinuxopenSUSE
Product-leaplibgddebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-6161
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-2.77% / 84.69%
||
7 Day CHG~0.00%
Published-12 Aug, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

Action-Not Available
Vendor-libgdn/aDebian GNU/LinuxopenSUSE
Product-leaplibgddebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-17451
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.40% / 82.14%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 16:20
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUopenSUSE
Product-ubuntu_linuxbinutilsleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-1788
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.84% / 76.59%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:15
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV OLE2 File Out-Of-Bounds Write Vulnerability

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.

Action-Not Available
Vendor-Debian GNU/LinuxClamAVopenSUSECisco Systems, Inc.
Product-clamavdebian_linuxleapClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-16708
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.81%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-16711
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.81%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2016-5316
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.19% / 80.39%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

Action-Not Available
Vendor-n/aLibTIFFopenSUSE
Product-leaplibtiffopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16167
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.53% / 72.00%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 00:00
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

Action-Not Available
Vendor-sysstat_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorasysstatleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-16709
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.81% / 84.96%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

Action-Not Available
Vendor-n/aImageMagick Studio LLCopenSUSECanonical Ltd.
Product-ubuntu_linuximagemagickbackportsleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-16710
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.81%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-16713
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.81%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2016-6214
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.20% / 86.70%
||
7 Day CHG~0.00%
Published-12 Aug, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Action-Not Available
Vendor-libgdn/aDebian GNU/LinuxopenSUSE
Product-leaplibgddebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found