| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-20669 | 7.2 |
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function ca
|
11-04-2023 - 18:16 | 21-03-2019 - 16:00 | |
| CVE-2019-6111 | 5.8 |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned
|
24-03-2023 - 18:12 | 31-01-2019 - 18:29 | |
| CVE-2019-0190 | 5.0 |
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server ve
|
20-07-2021 - 23:15 | 30-01-2019 - 22:29 | |
| CVE-2018-17199 | 5.0 |
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session
|
06-06-2021 - 11:15 | 30-01-2019 - 22:29 | |
| CVE-2019-3818 | 5.0 |
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a
|
21-05-2021 - 14:42 | 05-02-2019 - 17:29 | |
| CVE-2019-6486 | 6.4 |
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
|
24-08-2020 - 17:37 | 24-01-2019 - 05:29 | |
| CVE-2019-3772 | 7.5 |
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
|
17-08-2020 - 18:34 | 18-01-2019 - 22:29 | |
| CVE-2019-9021 | 7.5 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory
|
18-06-2019 - 18:15 | 22-02-2019 - 23:29 | |
| CVE-2004-0681 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute
|
11-07-2017 - 01:30 | 06-08-2004 - 04:00 | |
| CVE-2004-0682 | 7.5 |
comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.
|
11-07-2017 - 01:30 | 06-08-2004 - 04:00 |