- EPSS 1.22%
- Veröffentlicht 23.12.2019 18:15:10
- Zuletzt bearbeitet 21.11.2024 04:22:48
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perf...
CVE-2019-17563
- EPSS 10.69%
- Veröffentlicht 23.12.2019 17:15:11
- Zuletzt bearbeitet 21.11.2024 04:32:32
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p...
CVE-2019-11045
- EPSS 8.82%
- Veröffentlicht 23.12.2019 03:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:26
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications check...
CVE-2019-11046
- EPSS 4.08%
- Veröffentlicht 23.12.2019 03:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:26
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are ide...
CVE-2019-11047
- EPSS 7.47%
- Veröffentlicht 23.12.2019 03:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:26
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocate...
CVE-2019-11050
- EPSS 7.62%
- Veröffentlicht 23.12.2019 03:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:27
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocate...
CVE-2019-19922
- EPSS 0.95%
- Veröffentlicht 22.12.2019 20:15:10
- Zuletzt bearbeitet 21.11.2024 04:35:40
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expira...
- EPSS 3.16%
- Veröffentlicht 22.12.2019 18:15:10
- Zuletzt bearbeitet 21.11.2024 04:35:39
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
CVE-2019-17571
- EPSS 69.06%
- Veröffentlicht 20.12.2019 17:15:11
- Zuletzt bearbeitet 28.05.2026 19:16:31
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic fo...
CVE-2019-19906
- EPSS 8.04%
- Veröffentlicht 19.12.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:37
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c ...