Total
8221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-2022 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120506143 | ||||
| CVE-2019-2021 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120428041 | ||||
| CVE-2019-2020 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-116788646 | ||||
| CVE-2019-2019 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-115635871 | ||||
| CVE-2019-25049 | 2 Linux, Openbsd | 2 Linux Kernel, Libressl | 2024-11-21 | 7.1 High |
| LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). | ||||
| CVE-2019-25048 | 2 Linux, Openbsd | 2 Linux Kernel, Libressl | 2024-11-21 | 7.1 High |
| LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). | ||||
| CVE-2019-25014 | 2 Istio, Redhat | 3 Istio, Openshift Service Mesh, Service Mesh | 2024-11-21 | 6.5 Medium |
| A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application). | ||||
| CVE-2019-20915 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.1 High |
| An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c. | ||||
| CVE-2019-20913 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.1 High |
| An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec. | ||||
| CVE-2019-20910 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.1 High |
| An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011. | ||||
| CVE-2019-20838 | 4 Apple, Pcre, Redhat and 1 more | 5 Macos, Pcre, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | ||||
| CVE-2019-20808 | 1 Qemu | 1 Qemu | 2024-11-21 | 6.5 Medium |
| In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. | ||||
| CVE-2019-20630 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file. | ||||
| CVE-2019-20629 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | ||||
| CVE-2019-20549 | 2 Broadcom, Google | 11 Bcm43162, Bcm43224, Bcm4323 and 8 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019). | ||||
| CVE-2019-20540 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019). | ||||
| CVE-2019-20539 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019). | ||||
| CVE-2019-20531 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019). | ||||
| CVE-2019-20503 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux and 3 more | 2024-11-21 | 6.5 Medium |
| usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | ||||
| CVE-2019-20454 | 4 Fedoraproject, Pcre, Redhat and 1 more | 4 Fedora, Pcre2, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. | ||||