CVE-2018-1311
- EPSS 9.5%
- Veröffentlicht 18.12.2019 20:15:15
- Zuletzt bearbeitet 04.11.2025 19:15:38
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disabl...
CVE-2019-3992
- EPSS 1.3%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain ac...
CVE-2019-3993
- EPSS 45.7%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.
CVE-2019-3994
- EPSS 2.93%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to...
CVE-2019-3995
- EPSS 28.55%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request.
CVE-2019-3996
- EPSS 5.88%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.
CVE-2019-19783
- EPSS 1.66%
- Veröffentlicht 16.12.2019 14:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:22
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a ...
CVE-2019-19797
- EPSS 1.22%
- Veröffentlicht 15.12.2019 20:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:24
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
CVE-2019-19722
- EPSS 2.48%
- Veröffentlicht 13.12.2019 17:15:13
- Zuletzt bearbeitet 21.11.2024 04:35:15
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
CVE-2019-19785
- EPSS 1.17%
- Veröffentlicht 13.12.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:22
ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file.