CVE-2019-0757
- EPSS 2.7%
- Veröffentlicht 09.04.2019 02:29:00
- Zuletzt bearbeitet 21.11.2024 04:17:13
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
CVE-2019-0211
- EPSS 65.01%
- Veröffentlicht 08.04.2019 22:29:00
- Zuletzt bearbeitet 27.10.2025 17:37:51
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...
CVE-2019-0160
- EPSS 1.34%
- Veröffentlicht 27.03.2019 20:29:03
- Zuletzt bearbeitet 21.11.2024 04:16:22
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2019-9948
- EPSS 11.84%
- Veröffentlicht 23.03.2019 18:29:02
- Zuletzt bearbeitet 21.11.2024 04:52:39
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...
CVE-2019-9903
- EPSS 2.25%
- Veröffentlicht 21.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:32
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
CVE-2019-7222
- EPSS 0.68%
- Veröffentlicht 21.03.2019 16:01:11
- Zuletzt bearbeitet 21.11.2024 04:47:47
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-6454
- EPSS 2.04%
- Veröffentlicht 21.03.2019 16:01:08
- Zuletzt bearbeitet 21.11.2024 04:46:28
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl...
CVE-2019-3816
- EPSS 14.74%
- Veröffentlicht 14.03.2019 22:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:36
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a sp...
CVE-2019-9636
- EPSS 8.81%
- Veröffentlicht 08.03.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:01
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a ...
CVE-2019-7164
- EPSS 3.53%
- Veröffentlicht 20.02.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:41
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.