CVE-2019-6974
- EPSS 16.52%
- Veröffentlicht 15.02.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:20
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-7664
- EPSS 1.03%
- Veröffentlicht 09.02.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:29
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVE-2019-7665
- EPSS 1.37%
- Veröffentlicht 09.02.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:29
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does n...
CVE-2019-7548
- EPSS 1.78%
- Veröffentlicht 06.02.2019 21:29:01
- Zuletzt bearbeitet 21.11.2024 04:48:18
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVE-2018-18506
- EPSS 2.18%
- Veröffentlicht 05.02.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:04
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This b...
CVE-2019-7310
- EPSS 2.2%
- Veröffentlicht 03.02.2019 03:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:58
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a c...
CVE-2019-6109
- EPSS 3.81%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 28.05.2026 19:16:34
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes t...
CVE-2019-6111
- EPSS 58.2%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 18.12.2025 15:15:48
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned...
CVE-2019-7150
- EPSS 1.39%
- Veröffentlicht 29.01.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:40
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted inp...
CVE-2019-2529
- EPSS 4.61%
- Veröffentlicht 16.01.2019 19:30:35
- Zuletzt bearbeitet 21.11.2024 04:41:03
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged at...