ReportizFlow
Filtered by vendor
Subscriptions
Total
12644 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6469 | 1 Isc | 1 Bind | 2024-11-21 | 7.5 High |
| An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition. | ||||
| CVE-2019-6454 | 8 Canonical, Debian, Fedoraproject and 5 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). | ||||
| CVE-2019-6339 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-11-21 | N/A |
| In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration. | ||||
| CVE-2019-6251 | 7 Canonical, Fedoraproject, Gnome and 4 more | 7 Ubuntu Linux, Fedora, Epiphany and 4 more | 2024-11-21 | N/A |
| WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. | ||||
| CVE-2019-6238 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.8 High |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted package may lead to arbitrary code execution. | ||||
| CVE-2019-6219 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | N/A |
| A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service. | ||||
| CVE-2019-6111 | 10 Apache, Canonical, Debian and 7 more | 27 Mina Sshd, Ubuntu Linux, Debian Linux and 24 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | ||||
| CVE-2019-5976 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.9 Medium |
| Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. | ||||
| CVE-2019-5931 | 1 Cybozu | 1 Garoon | 2024-11-21 | N/A |
| Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors. | ||||
| CVE-2019-5864 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | ||||
| CVE-2019-5862 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||||
| CVE-2019-5858 | 3 Apple, Google, Redhat | 3 Macos, Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2019-5856 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||||
| CVE-2019-5852 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2019-5839 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 4.3 Medium |
| Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. | ||||
| CVE-2019-5824 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 8.8 High |
| Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2019-5819 | 6 Apple, Debian, Fedoraproject and 3 more | 7 Macos, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | ||||
| CVE-2019-5803 | 3 Google, Opensuse, Redhat | 4 Chrome, Backports, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2019-5801 | 3 Apple, Google, Opensuse | 4 Iphone Os, Chrome, Backports and 1 more | 2024-11-21 | 6.5 Medium |
| Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
| CVE-2019-5800 | 3 Google, Opensuse, Redhat | 4 Chrome, Backports, Leap and 1 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||