CVE-2019-9023
- EPSS 9.32%
- Veröffentlicht 22.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:50:49
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte ...
CVE-2019-9024
- EPSS 7.12%
- Veröffentlicht 22.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:50:50
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlr...
CVE-2019-8980
- EPSS 5.85%
- Veröffentlicht 21.02.2019 05:29:01
- Zuletzt bearbeitet 21.11.2024 04:50:44
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2018-5817
- EPSS 2.51%
- Veröffentlicht 20.02.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:28
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
CVE-2018-5818
- EPSS 2.33%
- Veröffentlicht 20.02.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:28
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
CVE-2018-5819
- EPSS 2.82%
- Veröffentlicht 20.02.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:28
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
CVE-2019-8942
- EPSS 82.74%
- Veröffentlicht 20.02.2019 03:29:00
- Zuletzt bearbeitet 21.11.2024 04:50:42
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can exe...
CVE-2019-7164
- EPSS 3.53%
- Veröffentlicht 20.02.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:41
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2019-5780
- EPSS 0.34%
- Veröffentlicht 19.02.2019 17:29:02
- Zuletzt bearbeitet 21.11.2024 04:45:28
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
CVE-2019-5781
- EPSS 1.47%
- Veröffentlicht 19.02.2019 17:29:02
- Zuletzt bearbeitet 21.11.2024 04:45:28
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.