CVE-2019-3815
- EPSS 0.4%
- Veröffentlicht 28.01.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:35
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A...
CVE-2019-6978
- EPSS 4.42%
- Veröffentlicht 28.01.2019 08:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:21
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
CVE-2019-6977
- EPSS 64.27%
- Veröffentlicht 27.01.2019 02:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:20
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This c...
CVE-2019-6799
- EPSS 15.41%
- Veröffentlicht 26.01.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:10
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is r...
CVE-2018-16881
- EPSS 2.24%
- Veröffentlicht 25.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:31
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
CVE-2019-3819
- EPSS 0.46%
- Veröffentlicht 25.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:36
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up...
CVE-2018-20743
- EPSS 3.63%
- Veröffentlicht 25.01.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:04
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
CVE-2019-6956
- EPSS 1.15%
- Veröffentlicht 25.01.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:17
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
CVE-2017-18359
- EPSS 3.05%
- Veröffentlicht 25.01.2019 05:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:55
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty ge...
CVE-2019-6486
- EPSS 4.33%
- Veröffentlicht 24.01.2019 05:29:00
- Zuletzt bearbeitet 21.11.2024 04:46:32
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.