CVE-2019-10649
- EPSS 1.74%
- Veröffentlicht 30.03.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:19:40
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.
CVE-2019-10650
- EPSS 4.09%
- Veröffentlicht 30.03.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:19:40
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
CVE-2019-0222
- EPSS 12.36%
- Veröffentlicht 28.03.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:31
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
CVE-2019-7524
- EPSS 1.18%
- Veröffentlicht 28.03.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:16
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
CVE-2017-7655
- EPSS 1.76%
- Veröffentlicht 27.03.2019 20:29:02
- Zuletzt bearbeitet 21.11.2024 03:32:23
In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.
CVE-2019-5418
- EPSS 98.51%
- Veröffentlicht 27.03.2019 14:29:01
- Zuletzt bearbeitet 30.10.2025 20:40:11
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2019-5419
- EPSS 8.67%
- Veröffentlicht 27.03.2019 14:29:01
- Zuletzt bearbeitet 21.11.2024 04:44:54
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
CVE-2019-5420
- EPSS 92.14%
- Veröffentlicht 27.03.2019 14:29:01
- Zuletzt bearbeitet 21.11.2024 04:44:54
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals t...
CVE-2019-6341
- EPSS 12.41%
- Veröffentlicht 26.03.2019 18:29:01
- Zuletzt bearbeitet 21.11.2024 04:46:26
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) ...
CVE-2019-3835
- EPSS 2.64%
- Veröffentlicht 25.03.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:39
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains i...