CVE-2019-1000019
- EPSS 3.41%
- Veröffentlicht 04.02.2019 21:29:01
- Zuletzt bearbeitet 21.11.2024 04:17:41
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a cr...
CVE-2019-1000020
- EPSS 3.2%
- Veröffentlicht 04.02.2019 21:29:01
- Zuletzt bearbeitet 21.11.2024 04:17:41
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, rea...
CVE-2019-7310
- EPSS 2.2%
- Veröffentlicht 03.02.2019 03:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:58
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a c...
CVE-2019-6109
- EPSS 3.81%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 28.05.2026 19:16:34
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes t...
CVE-2019-6111
- EPSS 58.2%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 18.12.2025 15:15:48
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned...
CVE-2019-7282
- EPSS 2.07%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:47:55
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is s...
CVE-2018-17189
- EPSS 19.4%
- Veröffentlicht 30.01.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:54:03
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_htt...
CVE-2019-6446
- EPSS 17.08%
- Veröffentlicht 16.01.2019 05:29:01
- Zuletzt bearbeitet 21.07.2025 23:15:25
An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this...
CVE-2019-0001
- EPSS 3.05%
- Veröffentlicht 15.01.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:01
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd servic...
CVE-2019-3811
- EPSS 0.7%
- Veröffentlicht 15.01.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:35
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem ac...