Overflow に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2019 年に公開され、Overflow に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2019-20200 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. | 6.5 | 1.17% | 2019-12-31 | 2026-06-16 |
| CVE-2019-20199 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. | 6.5 | 1.17% | 2019-12-31 | 2026-06-16 |
| CVE-2013-4357 | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. | 7.5 | 3.23% | 2019-12-31 | 2026-06-16 |
| CVE-2019-20172 | Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack. | 7.8 | 0.47% | 2019-12-30 | 2026-06-16 |
| CVE-2019-19927 | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. | 6.0 | 0.75% | 2019-12-30 | 2026-06-16 |
| CVE-2019-13445 | An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line. | 9.8 | 2.21% | 2019-12-30 | 2026-06-16 |
| CVE-2019-16535 | In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | 9.8 | 1.70% | 2019-12-30 | 2026-06-16 |
| CVE-2019-20089 | GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. | 7.8 | 0.78% | 2019-12-29 | 2026-06-16 |
| CVE-2019-20088 | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. | 7.8 | 0.86% | 2019-12-29 | 2026-06-16 |
| CVE-2019-20087 | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. | 8.8 | 1.04% | 2019-12-29 | 2026-06-16 |
| CVE-2019-20086 | GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. | 8.8 | 1.04% | 2019-12-29 | 2026-06-16 |
| CVE-2019-20053 | An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | 5.5 | 1.23% | 2019-12-27 | 2026-06-16 |
| CVE-2013-4743 | Static HTTP Server 1.0 has a Local Overflow | 9.8 | 8.40% | 2019-12-27 | 2026-06-16 |
| CVE-2019-20021 | A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | 5.5 | 1.10% | 2019-12-26 | 2026-06-16 |
| CVE-2019-20020 | A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. | 6.5 | 0.91% | 2019-12-26 | 2026-06-16 |
| CVE-2019-20018 | A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. | 6.5 | 1.06% | 2019-12-26 | 2026-06-16 |
| CVE-2019-20017 | A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. | 6.5 | 0.86% | 2019-12-26 | 2026-06-16 |
| CVE-2019-20011 | An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | 8.8 | 1.47% | 2019-12-26 | 2026-06-16 |
| CVE-2019-20005 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished). | 6.5 | 1.17% | 2019-12-26 | 2026-06-16 |
| CVE-2015-5290 | A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler. | 7.5 | 1.86% | 2019-12-26 | 2026-06-16 |