CVE-2019-14452
- EPSS 3.69%
- Veröffentlicht 31.07.2019 02:15:10
- Zuletzt bearbeitet 21.11.2024 04:26:46
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVE-2019-10161
- EPSS 0.52%
- Veröffentlicht 30.07.2019 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:18:32
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attac...
CVE-2019-14444
- EPSS 1.48%
- Veröffentlicht 30.07.2019 13:15:18
- Zuletzt bearbeitet 21.11.2024 04:26:45
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVE-2019-1020014
- EPSS 0.41%
- Veröffentlicht 29.07.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:18:11
docker-credential-helpers before 0.6.3 has a double free in the List functions.
CVE-2019-13057
- EPSS 3.21%
- Veröffentlicht 26.07.2019 13:15:12
- Zuletzt bearbeitet 21.11.2024 04:24:07
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not pro...
CVE-2019-13565
- EPSS 5.02%
- Veröffentlicht 26.07.2019 13:15:12
- Zuletzt bearbeitet 21.11.2024 04:25:11
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simpl...
CVE-2019-14250
- EPSS 2.32%
- Veröffentlicht 24.07.2019 04:15:12
- Zuletzt bearbeitet 21.11.2024 04:26:17
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-2842
- EPSS 3.36%
- Veröffentlicht 23.07.2019 23:15:45
- Zuletzt bearbeitet 21.11.2024 04:41:40
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to c...
CVE-2019-2816
- EPSS 2.29%
- Veröffentlicht 23.07.2019 23:15:43
- Zuletzt bearbeitet 21.11.2024 04:41:37
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allo...
CVE-2019-2819
- EPSS 1.91%
- Veröffentlicht 23.07.2019 23:15:43
- Zuletzt bearbeitet 21.11.2024 04:41:37
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privil...