
Topic
Date
Author
Med.
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
13.07.2018
Core Security Technolo...


CVEMAP Search Results

CVE
Details
Description
2019-10-09
Low
CVE-2019-17371

Vendor: Libpng
Software: Libpng
 

 
libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct.

 
2019-10-08
Medium
CVE-2019-17359

Vendor: Bouncycastle
Software: Legion-of-th...
 

 
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

 
2019-10-04
Medium
CVE-2019-17177

Vendor: Freerdp
Software: Freerdp
 

 
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

 
Low
CVE-2019-16865

Vendor: Python
Software: Pillow
 

 
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

 
Medium
CVE-2019-17183

Vendor: Foxitsoftware
Software: Reader
 

 
Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists.

 
Medium
CVE-2019-17178

Vendor: Freerdp
Software: Freerdp
 

 
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

 
2019-10-01
Medium
CVE-2019-17067

Vendor: Putty
Software: Putty
 

 
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

 
2019-09-30
High
CVE-2019-16994

Vendor: Linux
Software: Linux kernel
 

 
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

 
High
CVE-2019-16995

Vendor: Linux
Software: Linux kernel
 

 
In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

 
2019-09-27
Medium
CVE-2019-9290

Vendor: Google
Software: Android
 

 
In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113039724

 

 


Copyright 2019, cxsecurity.com

 
