CVE-2018-20843
- EPSS 7.11%
- Veröffentlicht 24.06.2019 17:15:09
- Zuletzt bearbeitet 30.05.2025 20:15:20
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
CVE-2019-12900
- EPSS 8.12%
- Veröffentlicht 19.06.2019 23:15:09
- Zuletzt bearbeitet 09.06.2025 16:15:29
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12436
- EPSS 2.85%
- Veröffentlicht 19.06.2019 12:15:10
- Zuletzt bearbeitet 21.11.2024 04:22:50
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
CVE-2019-11038
- EPSS 4.33%
- Veröffentlicht 19.06.2019 00:15:12
- Zuletzt bearbeitet 21.11.2024 04:20:25
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause t...
CVE-2019-11477
- EPSS 98.75%
- Veröffentlicht 19.06.2019 00:15:12
- Zuletzt bearbeitet 21.11.2024 04:21:09
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This ha...
CVE-2019-11478
- EPSS 94.69%
- Veröffentlicht 19.06.2019 00:15:12
- Zuletzt bearbeitet 21.11.2024 04:21:09
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denia...
CVE-2019-11479
- EPSS 91.66%
- Veröffentlicht 19.06.2019 00:15:12
- Zuletzt bearbeitet 21.11.2024 04:21:09
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial ...
CVE-2019-10126
- EPSS 6.82%
- Veröffentlicht 14.06.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:18:28
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
CVE-2019-0197
- EPSS 8.44%
- Veröffentlicht 11.06.2019 22:29:04
- Zuletzt bearbeitet 21.11.2024 04:16:27
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection cou...
CVE-2019-0196
- EPSS 19.3%
- Veröffentlicht 11.06.2019 22:29:03
- Zuletzt bearbeitet 21.11.2024 04:16:27
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request ...