Skip to main content
CVE-2019-13290 HIGH POC This Week

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mupdf
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2019-13289 HIGH POC This Week

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Xpdfreader
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-13283 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-13282 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-13281 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-13262 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13261 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13260 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13259 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13258 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13257 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13256 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13255 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13254 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13253 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13252 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13251 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13250 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13249 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13248 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13247 HIGH POC This Week

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Acdsee
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13246 HIGH POC This Week

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13245 HIGH POC This Week

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13244 HIGH POC This Week

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13243 HIGH POC This Week

IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.8%
CVE-2019-13242 HIGH POC This Week

IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Irfanview
NVD GitHub
CVSS 3.0
7.8
EPSS
2.1%
CVE-2019-13241 HIGH POC This Week

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Flightcrew Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-13238 HIGH POC This Week

An issue was discovered in Bento4 1.5.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-13233 HIGH POC PATCH This Week

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
7.0
EPSS
0.5%
CVE-2019-1886 HIGH This Week

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asyncos Web Security Appliance
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2019-1855 HIGH This Week

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft RCE Cisco Jabber
NVD
CVSS 3.1
7.3
EPSS
2.2%
CVE-2019-1889 HIGH This Week

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2019-13226 HIGH PATCH This Week

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. Rated high severity (CVSS 7.0).

Information Disclosure Deepin Clone Fedora
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy