CVE-2019-7282
- EPSS 2.07%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:55
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is s...
CVE-2019-7283
- EPSS 1.76%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:55
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh serv...
CVE-2018-17189
- EPSS 19.4%
- Veröffentlicht 30.01.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:54:03
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_htt...
CVE-2018-17199
- EPSS 19.99%
- Veröffentlicht 30.01.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:54:04
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session...
CVE-2018-20748
- EPSS 3.23%
- Veröffentlicht 30.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:05
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
CVE-2018-20749
- EPSS 3.23%
- Veröffentlicht 30.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:05
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
CVE-2018-20750
- EPSS 3.34%
- Veröffentlicht 30.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:05
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
CVE-2019-7149
- EPSS 2.21%
- Veröffentlicht 29.01.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:39
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
CVE-2019-7150
- EPSS 1.39%
- Veröffentlicht 29.01.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:40
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted inp...
CVE-2019-3462
- EPSS 14.56%
- Veröffentlicht 28.01.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:05
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.