CVE-2019-19844
- EPSS 34.81%
- Veröffentlicht 18.12.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:30
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be ...
CVE-2019-19813
- EPSS 2.13%
- Veröffentlicht 17.12.2019 06:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:26
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner...
CVE-2019-19816
- EPSS 3.29%
- Veröffentlicht 17.12.2019 06:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:26
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandl...
CVE-2019-19830
- EPSS 1.27%
- Veröffentlicht 17.12.2019 05:15:14
- Zuletzt bearbeitet 21.11.2024 04:35:28
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
CVE-2019-19783
- EPSS 1.66%
- Veröffentlicht 16.12.2019 14:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:22
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a ...
CVE-2019-19807
- EPSS 0.55%
- Veröffentlicht 15.12.2019 23:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:26
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for...
CVE-2019-19725
- EPSS 2.76%
- Veröffentlicht 11.12.2019 18:16:20
- Zuletzt bearbeitet 21.11.2024 04:35:15
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
CVE-2019-14861
- EPSS 2.3%
- Veröffentlicht 10.12.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:31
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stor...
CVE-2019-14870
- EPSS 2.78%
- Veröffentlicht 10.12.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:33
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in an...
CVE-2019-14889
- EPSS 3.16%
- Veröffentlicht 10.12.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:37
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the ...