CVE-2019-13272
- EPSS 52.2%
- Veröffentlicht 17.07.2019 13:15:10
- Zuletzt bearbeitet 06.11.2025 16:51:07
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with...
CVE-2019-13616
- EPSS 3.3%
- Veröffentlicht 16.07.2019 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:25:22
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-12527
- EPSS 50.45%
- Veröffentlicht 11.07.2019 19:15:13
- Zuletzt bearbeitet 21.11.2024 04:23:02
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leadin...
CVE-2019-10192
- EPSS 26.05%
- Veröffentlicht 11.07.2019 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:18:37
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis...
CVE-2019-10193
- EPSS 23.7%
- Veröffentlicht 11.07.2019 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:18:37
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perfo...
CVE-2019-13313
- EPSS 0.43%
- Veröffentlicht 05.07.2019 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:24:41
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
CVE-2019-10183
- EPSS 0.4%
- Veröffentlicht 03.07.2019 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:18:36
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the s...
- EPSS 3.71%
- Veröffentlicht 26.06.2019 16:15:09
- Zuletzt bearbeitet 21.11.2024 04:18:33
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often su...
- EPSS 0.39%
- Veröffentlicht 25.06.2019 12:15:11
- Zuletzt bearbeitet 21.11.2024 04:23:38
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of pow...
CVE-2019-12384
- EPSS 45.21%
- Veröffentlicht 24.06.2019 16:15:15
- Zuletzt bearbeitet 21.11.2024 04:22:43
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be ...