CVE-2019-0220
- EPSS 17.86%
- Veröffentlicht 11.06.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:31
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions...
CVE-2019-12749
- EPSS 0.56%
- Veröffentlicht 11.06.2019 17:29:00
- Zuletzt bearbeitet 13.02.2026 20:16:12
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference ...
CVE-2019-12387
- EPSS 2.54%
- Veröffentlicht 10.06.2019 12:29:00
- Zuletzt bearbeitet 25.11.2024 18:12:24
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
CVE-2019-2101
- EPSS 0.4%
- Veröffentlicht 07.06.2019 20:29:01
- Zuletzt bearbeitet 21.11.2024 04:40:13
In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ...
CVE-2019-10160
- EPSS 5.23%
- Veröffentlicht 07.06.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:18:32
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by...
- EPSS 99.96%
- Veröffentlicht 05.06.2019 14:29:11
- Zuletzt bearbeitet 06.11.2025 14:49:48
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVE-2019-12614
- EPSS 0.62%
- Veröffentlicht 03.06.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:23:11
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dere...
CVE-2019-11356
- EPSS 7.62%
- Veröffentlicht 03.06.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:56
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
CVE-2019-3846
- EPSS 5.65%
- Veröffentlicht 03.06.2019 19:29:02
- Zuletzt bearbeitet 21.11.2024 04:42:41
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
CVE-2019-8457
- EPSS 45.43%
- Veröffentlicht 30.05.2019 16:29:01
- Zuletzt bearbeitet 21.11.2024 04:49:56
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.