Vulnerabilities (CVE)

CWE filter

CWE-119

Filter

12412 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16227 1 Py-lmdb Project 1 Py-lmdb 2019-10-12 7.5
An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVE-2019-16226 1 Py-lmdb Project 1 Py-lmdb 2019-10-12 5.0
An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVE-2019-16225 1 Py-lmdb Project 1 Py-lmdb 2019-10-12 7.5
An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVE-2019-16224 1 Py-lmdb Project 1 Py-lmdb 2019-10-12 7.5
An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVE-2018-7873 2 Libming, Debian 2 Libming, Debian Linux 2019-10-12 4.3
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.
CVE-2010-5331 1 Linux 1 Linux Kernel 2019-10-12 7.5
In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem.
CVE-2019-1311 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-10-11 9.3
A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.
CVE-2019-1331 2 Microsoft, Microsoftl 6 Excel, Office, Office 365 Proplus and 3 more 2019-10-11 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
CVE-2019-1238 1 Microsoft 1 Internet Explorer 2019-10-11 7.1
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.
CVE-2019-1239 1 Microsoft 1 Internet Explorer 2019-10-11 7.6
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.
CVE-2019-1325 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 4.9
An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive...
CVE-2019-1327 1 Microsoft 2 Excel, Office 365 Proplus 2019-10-11 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.
CVE-2019-5048 1 Gonitro 1 Nitropdf 2019-10-11 6.8
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...
CVE-2019-5050 1 Gonitro 1 Nitropdf 2019-10-11 6.8
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...
CVE-2019-5045 1 Gonitro 1 Nitropdf 2019-10-11 6.8
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this...
CVE-2018-11768 1 Apache 1 Hadoop 2019-10-10 5.0
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.
CVE-2019-12687 1 Cisco 1 Firepower Management Center 2019-10-10 9.0
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker...
CVE-2019-12688 1 Cisco 1 Firepower Management Center 2019-10-10 9.0
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker...
CVE-2017-15221 1 Asx To Mp3 Converter Project 1 Asx To Mp3 Converter 2019-10-10 6.8
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
CVE-2019-11929 1 Facebook 1 Hhvm 2019-10-10 7.5
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0...