Max CVSS | 9.3 | Min CVSS | 4.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-5736 | 9.3 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types | 02-02-2024 - 12:15 | 11-02-2019 - 19:29 |
CVE-2019-3816 | 5.0 | Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a sp | 12-02-2023 - 23:38 | 14-03-2019 - 22:29 |
CVE-2019-9636 | 5.0 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a | 25-07-2022 - 18:15 | 08-03-2019 - 21:29 |
CVE-2019-6454 | 4.9 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl | 20-02-2022 - 06:08 | 21-03-2019 - 16:01 |
CVE-2019-7548 | 6.8 | SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | 30-11-2021 - 19:52 | 06-02-2019 - 21:29 |
CVE-2019-0215 | 6.0 | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. | 06-06-2021 - 11:15 | 08-04-2019 - 20:29 |
CVE-2019-3839 | 6.8 | It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside o | 15-10-2020 - 14:31 | 16-05-2019 - 19:29 |
CVE-2019-9813 | 6.8 | Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | 24-08-2020 - 17:37 | 26-04-2019 - 17:29 |
CVE-2019-5953 | 7.5 | Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. | 24-08-2020 - 17:37 | 17-05-2019 - 16:29 |
CVE-2018-12180 | 6.8 | Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. | 03-10-2019 - 00:03 | 27-03-2019 - 20:29 |
CVE-2016-10745 | 5.0 | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | 06-06-2019 - 16:29 | 08-04-2019 - 13:29 |
CVE-2019-10063 | 6.8 | Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could other | 13-05-2019 - 10:29 | 26-03-2019 - 14:29 |
CVE-2019-3878 | 6.8 | A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers tha | 07-05-2019 - 09:29 | 26-03-2019 - 18:29 |