CVE-2019-0211
- EPSS 65.01%
- Veröffentlicht 08.04.2019 22:29:00
- Zuletzt bearbeitet 27.10.2025 17:37:51
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...
CVE-2019-0217
- EPSS 17.67%
- Veröffentlicht 08.04.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:30
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio...
CVE-2019-0160
- EPSS 1.34%
- Veröffentlicht 27.03.2019 20:29:03
- Zuletzt bearbeitet 21.11.2024 04:16:22
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2019-3877
- EPSS 2.13%
- Veröffentlicht 27.03.2019 13:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:46
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forw...
CVE-2019-3878
- EPSS 2.97%
- Veröffentlicht 26.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:46
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers tha...
CVE-2019-3838
- EPSS 2.64%
- Veröffentlicht 25.03.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:40
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the cons...
CVE-2019-3856
- EPSS 6.13%
- Veröffentlicht 25.03.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:43
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client syst...
CVE-2019-3857
- EPSS 6.13%
- Veröffentlicht 25.03.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:43
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execut...
CVE-2019-3874
- EPSS 1.77%
- Veröffentlicht 25.03.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:46
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
CVE-2018-16838
- EPSS 1.12%
- Veröffentlicht 25.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:24
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.