CVE-2019-9924
- EPSS 0.42%
- Veröffentlicht 22.03.2019 08:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:35
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2019-9903
- EPSS 2.25%
- Veröffentlicht 21.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:32
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
CVE-2019-7222
- EPSS 0.68%
- Veröffentlicht 21.03.2019 16:01:11
- Zuletzt bearbeitet 21.11.2024 04:47:47
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-6778
- EPSS 0.62%
- Veröffentlicht 21.03.2019 16:01:10
- Zuletzt bearbeitet 21.11.2024 04:47:07
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVE-2019-7221
- EPSS 0.81%
- Veröffentlicht 21.03.2019 16:01:10
- Zuletzt bearbeitet 21.11.2024 04:47:46
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-6690
- EPSS 8.55%
- Veröffentlicht 21.03.2019 16:01:09
- Zuletzt bearbeitet 21.11.2024 04:46:57
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE...
CVE-2019-6454
- EPSS 2.04%
- Veröffentlicht 21.03.2019 16:01:08
- Zuletzt bearbeitet 21.11.2024 04:46:28
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl...
CVE-2019-6116
- EPSS 43.9%
- Veröffentlicht 21.03.2019 16:01:07
- Zuletzt bearbeitet 21.11.2024 04:45:58
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2019-3832
- EPSS 0.51%
- Veröffentlicht 21.03.2019 16:01:04
- Zuletzt bearbeitet 21.11.2024 04:42:38
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
CVE-2018-20669
- EPSS 0.57%
- Veröffentlicht 21.03.2019 16:00:37
- Zuletzt bearbeitet 21.11.2024 04:01:57
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function ca...