Total
6761 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20892 | 3 Net-snmp, Oracle, Redhat | 3 Net-snmp, Zfs Storage Appliance Kit, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. | ||||
| CVE-2019-20795 | 2 Canonical, Iproute2 Project | 2 Ubuntu Linux, Iproute2 | 2024-11-21 | 4.4 Medium |
| iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. | ||||
| CVE-2019-20792 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | 6.8 Medium |
| OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. | ||||
| CVE-2019-20633 | 1 Gnu | 1 Patch | 2024-11-21 | 5.5 Medium |
| GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | ||||
| CVE-2019-20628 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | ||||
| CVE-2019-20600 | 2 Google, Samsung | 2 Android, Exynos 8890 | 2024-11-21 | 7.1 High |
| An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019). | ||||
| CVE-2019-20582 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019). | ||||
| CVE-2019-20568 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (September 2019). | ||||
| CVE-2019-20397 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 8.8 High |
| A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | ||||
| CVE-2019-20394 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 8.8 High |
| A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | ||||
| CVE-2019-20393 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 8.8 High |
| A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | ||||
| CVE-2019-20169 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c. | ||||
| CVE-2019-20168 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c. | ||||
| CVE-2019-20090 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.8 High |
| An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp. | ||||
| CVE-2019-20079 | 2 Canonical, Vim | 2 Ubuntu Linux, Vim | 2024-11-21 | 7.8 High |
| The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | ||||
| CVE-2019-20010 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 8.8 High |
| An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. | ||||
| CVE-2019-20006 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 7.5 High |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault. | ||||
| CVE-2019-1992 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069. | ||||
| CVE-2019-1741 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.5 High |
| A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. | ||||
| CVE-2019-1208 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2024-11-21 | 7.5 High |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. | ||||