CVE-2019-3855
- EPSS 9.22%
- Veröffentlicht 21.03.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:43
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system wh...
CVE-2019-9903
- EPSS 2.25%
- Veröffentlicht 21.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:32
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
CVE-2019-7222
- EPSS 0.68%
- Veröffentlicht 21.03.2019 16:01:11
- Zuletzt bearbeitet 21.11.2024 04:47:47
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-7221
- EPSS 0.81%
- Veröffentlicht 21.03.2019 16:01:10
- Zuletzt bearbeitet 21.11.2024 04:47:46
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-6454
- EPSS 2.04%
- Veröffentlicht 21.03.2019 16:01:08
- Zuletzt bearbeitet 21.11.2024 04:46:28
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl...
CVE-2018-20615
- EPSS 4.46%
- Veröffentlicht 21.03.2019 16:00:36
- Zuletzt bearbeitet 21.11.2024 04:01:51
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s...
CVE-2019-3816
- EPSS 14.74%
- Veröffentlicht 14.03.2019 22:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:36
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a sp...
CVE-2019-9741
- EPSS 2.35%
- Veröffentlicht 13.03.2019 08:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:12
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
CVE-2019-9636
- EPSS 8.81%
- Veröffentlicht 08.03.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:01
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a ...
CVE-2019-9213
- EPSS 5.67%
- Veröffentlicht 05.03.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:13
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check...