CVE-2019-19786
- EPSS 1.17%
- Veröffentlicht 13.12.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:22
ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.
CVE-2019-19787
- EPSS 1.17%
- Veröffentlicht 13.12.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:23
ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.
CVE-2019-16777
- EPSS 1.98%
- Veröffentlicht 13.12.2019 01:15:11
- Zuletzt bearbeitet 21.11.2024 04:31:10
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and cre...
CVE-2019-16775
- EPSS 3.27%
- Veröffentlicht 13.12.2019 01:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:09
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the ...
CVE-2019-16776
- EPSS 3.34%
- Veröffentlicht 13.12.2019 01:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:10
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field wou...
CVE-2019-19769
- EPSS 1.34%
- Veröffentlicht 12.12.2019 20:15:17
- Zuletzt bearbeitet 21.11.2024 04:35:20
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
CVE-2019-19746
- EPSS 1.19%
- Veröffentlicht 12.12.2019 03:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:18
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
CVE-2017-18640
- EPSS 26.72%
- Veröffentlicht 12.12.2019 03:15:10
- Zuletzt bearbeitet 21.11.2024 03:20:32
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVE-2019-19577
- EPSS 0.5%
- Veröffentlicht 11.12.2019 18:16:19
- Zuletzt bearbeitet 21.11.2024 04:34:58
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU,...
CVE-2019-19578
- EPSS 0.39%
- Veröffentlicht 11.12.2019 18:16:19
- Zuletzt bearbeitet 21.11.2024 04:34:58
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves ei...