The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2019-16168 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a severe division by zero in the query planner. | Medium | Sep 10, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-16167 | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | Medium | Sep 13, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | Medium | Sep 11, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2018-21010 | OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. | Medium | Sep 5, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-15132 | Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the Login name or password is incorrect and No permissions for system access messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. | Medium | Aug 29, 2019 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2019-14973 | _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. | Medium | Aug 25, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-13105 | Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. | MEDIUM | Aug 7, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-13104 | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | MEDIUM | Aug 7, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-14197 | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. | Medium | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-13103 | A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | MEDIUM | Jul 29, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-14248 | In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when %pragma limit is mishandled. | MEDIUM | Jul 24, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-1010180 | GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. | MEDIUM | Jul 24, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-13626 | SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. | Medium | Jul 18, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-2805 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | Medium | Jul 25, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-2758 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | Medium | Jul 25, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-2740 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | Medium | Jul 25, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-2737 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | Medium | Jul 25, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-13616 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | Medium | Jul 17, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-12972 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \'\\0\' character. | Medium | Jun 27, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-10160 | A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. | Medium | Jun 11, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-12455 | An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.” | Medium | Jun 9, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-12448 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn\'t implement query_info_on_read/write. | Medium | May 29, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-10143 | It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated there is simply no way for anyone to gain privileges through this alleged issue. | Medium | May 29, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-3814 | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. | Medium | Mar 28, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-9741 | An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \\r\\n followed by an HTTP header or a Redis command. | Medium | Mar 21, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2018-16838 | A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. | MEDIUM | Mar 25, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-3835 | It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | MEDIUM | Mar 26, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-3838 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | MEDIUM | Mar 26, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-3858 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | Medium | Mar 28, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-3859 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | Medium | Mar 28, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-3860 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | Medium | Mar 28, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-3861 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | Medium | Mar 28, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-3862 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | Medium | Mar 28, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-9071 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. | Medium | Mar 15, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-9073 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. | Medium | Mar 15, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-9074 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. | Medium | Mar 15, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-9075 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. | Medium | Mar 15, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-9077 | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. | Medium | Mar 15, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2016-10742 | Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | Medium | Mar 13, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2009-5155 | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | Medium | Mar 25, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-3813 | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. | Medium | Feb 5, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-6116 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | MEDIUM | Feb 5, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-6461 | An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. | Medium | Jan 18, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-6462 | An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. | Medium | Jan 18, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-6706 | Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. | Medium | Jan 26, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-7282 | In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | MEDIUM | Jan 31, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-7283 | An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. | MEDIUM | Jan 31, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-7663 | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. | MEDIUM | Feb 9, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2018-20699 | Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | MEDIUM | Jan 11, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-6128 | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | MEDIUM | Jan 11, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |