CVE-2019-13113
- EPSS 2.13%
- Veröffentlicht 30.06.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:24:13
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
CVE-2019-13114
- EPSS 2.12%
- Veröffentlicht 30.06.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:24:13
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
CVE-2019-13108
- EPSS 1.43%
- Veröffentlicht 30.06.2019 23:15:09
- Zuletzt bearbeitet 21.11.2024 04:24:12
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.
CVE-2019-13107
- EPSS 1.77%
- Veröffentlicht 30.06.2019 22:15:09
- Zuletzt bearbeitet 21.11.2024 04:24:12
Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c
CVE-2019-13050
- EPSS 2.66%
- Veröffentlicht 29.06.2019 17:15:08
- Zuletzt bearbeitet 21.11.2024 04:24:06
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this n...
CVE-2019-13038
- EPSS 1.42%
- Veröffentlicht 29.06.2019 14:15:09
- Zuletzt bearbeitet 21.11.2024 04:24:05
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
CVE-2019-5829
- EPSS 1.32%
- Veröffentlicht 27.06.2019 17:15:15
- Zuletzt bearbeitet 21.11.2024 04:45:35
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2019-5830
- EPSS 1.42%
- Veröffentlicht 27.06.2019 17:15:15
- Zuletzt bearbeitet 21.11.2024 04:45:35
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5831
- EPSS 1.99%
- Veröffentlicht 27.06.2019 17:15:15
- Zuletzt bearbeitet 21.11.2024 04:45:36
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-5832
- EPSS 1.29%
- Veröffentlicht 27.06.2019 17:15:15
- Zuletzt bearbeitet 21.11.2024 04:45:36
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.