CVE-2019-5420
- EPSS 92.14%
- Veröffentlicht 27.03.2019 14:29:01
- Zuletzt bearbeitet 21.11.2024 04:44:54
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals t...
CVE-2019-3877
- EPSS 2.13%
- Veröffentlicht 27.03.2019 13:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:46
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forw...
CVE-2019-9917
- EPSS 3.13%
- Veröffentlicht 27.03.2019 06:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:34
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
CVE-2019-6341
- EPSS 12.41%
- Veröffentlicht 26.03.2019 18:29:01
- Zuletzt bearbeitet 21.11.2024 04:46:26
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) ...
CVE-2019-3804
- EPSS 4.86%
- Veröffentlicht 26.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:34
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which c...
CVE-2019-3851
- EPSS 0.9%
- Veröffentlicht 26.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:43
A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.
CVE-2019-3878
- EPSS 2.97%
- Veröffentlicht 26.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:46
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers tha...
CVE-2019-3835
- EPSS 2.64%
- Veröffentlicht 25.03.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:39
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains i...
CVE-2019-3838
- EPSS 2.64%
- Veröffentlicht 25.03.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:40
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the cons...
CVE-2019-3856
- EPSS 6.13%
- Veröffentlicht 25.03.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:42:43
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client syst...