CVE-2019-18408
- EPSS 4.04%
- Veröffentlicht 24.10.2019 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:33:12
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
CVE-2019-15587
- EPSS 1.55%
- Veröffentlicht 22.10.2019 21:15:10
- Zuletzt bearbeitet 21.11.2024 04:29:04
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
CVE-2019-18218
- EPSS 1.85%
- Veröffentlicht 21.10.2019 05:15:10
- Zuletzt bearbeitet 21.11.2024 04:32:51
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
CVE-2019-18198
- EPSS 0.46%
- Veröffentlicht 18.10.2019 22:15:14
- Zuletzt bearbeitet 21.11.2024 04:32:48
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt me...
CVE-2019-18197
- EPSS 4.45%
- Veröffentlicht 18.10.2019 21:15:10
- Zuletzt bearbeitet 28.05.2026 19:16:33
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be...
- EPSS 63.92%
- Veröffentlicht 17.10.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:26:22
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !r...
CVE-2019-17666
- EPSS 3.02%
- Veröffentlicht 17.10.2019 02:15:13
- Zuletzt bearbeitet 21.11.2024 04:32:44
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-3004
- EPSS 2.65%
- Veröffentlicht 16.10.2019 18:15:34
- Zuletzt bearbeitet 21.11.2024 04:41:58
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...
CVE-2019-3009
- EPSS 2.53%
- Veröffentlicht 16.10.2019 18:15:34
- Zuletzt bearbeitet 21.11.2024 04:41:58
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple ...
CVE-2019-3011
- EPSS 2.65%
- Veröffentlicht 16.10.2019 18:15:34
- Zuletzt bearbeitet 21.11.2024 04:41:59
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...