CVE-2015-1341
- EPSS 0.43%
- Veröffentlicht 22.04.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:25:12
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
CVE-2019-11234
- EPSS 7.62%
- Veröffentlicht 22.04.2019 11:29:03
- Zuletzt bearbeitet 21.11.2024 04:20:46
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
CVE-2019-11235
- EPSS 3.57%
- Veröffentlicht 22.04.2019 11:29:03
- Zuletzt bearbeitet 21.11.2024 04:20:47
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar is...
CVE-2019-11338
- EPSS 2.35%
- Veröffentlicht 19.04.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:54
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via c...
CVE-2019-11324
- EPSS 2.84%
- Veröffentlicht 18.04.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:53
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure i...
CVE-2019-3885
- EPSS 1.96%
- Veröffentlicht 18.04.2019 18:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:47
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
CVE-2018-16877
- EPSS 0.4%
- Veröffentlicht 18.04.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:30
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
CVE-2018-16878
- EPSS 0.44%
- Veröffentlicht 18.04.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:30
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
CVE-2019-11034
- EPSS 4.09%
- Veröffentlicht 18.04.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:24
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-11035
- EPSS 4.41%
- Veröffentlicht 18.04.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:24
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.