CVE-2018-20784
- EPSS 4.17%
- Veröffentlicht 22.02.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:10
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
CVE-2019-7164
- EPSS 3.53%
- Veröffentlicht 20.02.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:41
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2019-8912
- EPSS 0.65%
- Veröffentlicht 18.02.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:50:39
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
CVE-2019-6974
- EPSS 16.52%
- Veröffentlicht 15.02.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:20
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-5736
- EPSS 98.57%
- Veröffentlicht 11.02.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:45:24
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types ...
CVE-2019-7664
- EPSS 1.03%
- Veröffentlicht 09.02.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:29
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVE-2019-7665
- EPSS 1.37%
- Veröffentlicht 09.02.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:29
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does n...
CVE-2019-7548
- EPSS 1.78%
- Veröffentlicht 06.02.2019 21:29:01
- Zuletzt bearbeitet 21.11.2024 04:48:18
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
CVE-2018-16890
- EPSS 5.35%
- Veröffentlicht 06.02.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:32
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subjec...
CVE-2019-3822
- EPSS 12.77%
- Veröffentlicht 06.02.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:36
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents...