CVE-2019-12447
- EPSS 1.83%
- Veröffentlicht 29.05.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:22:52
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
CVE-2019-12449
- EPSS 1.84%
- Veröffentlicht 29.05.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:22:52
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges...
CVE-2019-12450
- EPSS 2.6%
- Veröffentlicht 29.05.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:22:52
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-5798
- EPSS 3.21%
- Veröffentlicht 23.05.2019 20:29:01
- Zuletzt bearbeitet 21.11.2024 04:45:30
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2019-12295
- EPSS 3.77%
- Veröffentlicht 23.05.2019 12:29:00
- Zuletzt bearbeitet 21.11.2024 04:22:34
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
CVE-2019-12216
- EPSS 2.21%
- Veröffentlicht 20.05.2019 17:29:17
- Zuletzt bearbeitet 21.11.2024 04:22:26
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
CVE-2019-12221
- EPSS 1.97%
- Veröffentlicht 20.05.2019 17:29:17
- Zuletzt bearbeitet 21.11.2024 04:22:27
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
CVE-2019-12211
- EPSS 4.21%
- Veröffentlicht 20.05.2019 16:29:01
- Zuletzt bearbeitet 21.11.2024 04:22:25
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12213
- EPSS 2.2%
- Veröffentlicht 20.05.2019 16:29:01
- Zuletzt bearbeitet 21.11.2024 04:22:26
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-3839
- EPSS 1.76%
- Veröffentlicht 16.05.2019 19:29:05
- Zuletzt bearbeitet 21.11.2024 04:42:40
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside o...