CVE-2019-1999
- EPSS 0.79%
- Veröffentlicht 28.02.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:37:51
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for ex...
CVE-2019-9209
- EPSS 1.4%
- Veröffentlicht 28.02.2019 04:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:12
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
CVE-2019-1559
- EPSS 17.14%
- Veröffentlicht 27.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:36:48
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...
CVE-2019-9210
- EPSS 1.42%
- Veröffentlicht 27.02.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:12
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
CVE-2019-9200
- EPSS 3.47%
- Veröffentlicht 26.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:11
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmen...
CVE-2019-9169
- EPSS 4.73%
- Veröffentlicht 26.02.2019 02:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:07
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2019-9162
- EPSS 1.09%
- Veröffentlicht 25.02.2019 23:29:01
- Zuletzt bearbeitet 21.11.2024 04:51:06
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or loc...
CVE-2019-8375
- EPSS 16.11%
- Veröffentlicht 24.02.2019 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:49:46
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of ser...
CVE-2019-9070
- EPSS 1.8%
- Veröffentlicht 24.02.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:50:55
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
CVE-2019-9071
- EPSS 1.81%
- Veröffentlicht 24.02.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:50:55
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.