|
821
|
7.8
7.2
|
HIGH
Local
|
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to …
|
CWE-20
Improper Input Validation
|
CVE-2005-4890
|
cpe:2.3:o:redhat:enterprise_linux:6.0:* cpe:2.3:o:redhat:enterprise_linux:5:* cpe:2.3:o:redhat:enterprise_linux:4…
|
|
|
|
|
2024-11-21 09:05
2019-11-5
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
822
|
8.1
4.9
|
HIGH
Network
|
php-symfony2-Validator has loss of information during serialization
|
CWE-20
Improper Input Validation
|
CVE-2013-4751
|
cpe:2.3:o:redhat:enterprise_linux:6.0:*
|
|
|
|
|
2024-11-21 10:56
2019-11-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
823
|
5.5
4.3
|
MEDIUM
Local
|
evince is missing a check on number of pages which can lead to a segmentation fault
|
CWE-20
Improper Input Validation
|
CVE-2013-3718
|
cpe:2.3:o:redhat:enterprise_linux:5.0:*
|
|
|
|
|
2024-11-21 10:54
2019-11-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
824
|
7.5
5.0
|
HIGH
Network
|
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, re…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-5010
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 13:44
2019-11-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
825
|
9.8
7.5
|
CRITICAL
Network
|
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-11043
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 13:20
2019-10-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
826
|
7.5
5.0
|
HIGH
Network
|
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client …
|
CWE-436
Interpretation Conflict
|
CVE-2019-17596
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 13:32
2019-10-25
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
827
|
9.1
6.4
|
CRITICAL
Network
|
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
|
CWE-269
Improper Privilege Management
|
CVE-2019-17631
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 13:32
2019-10-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
828
|
8.8
9.0
|
HIGH
Network
|
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a cra…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-14287
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 13:26
2019-10-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
829
|
4.7
4.0
|
MEDIUM
Network
|
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows u…
|
NVD-CWE-noinfo
|
CVE-2019-2999
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 13:41
2019-10-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
830
|
4.2
4.0
|
MEDIUM
Network
|
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to explo…
|
NVD-CWE-noinfo
|
CVE-2019-2996
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 13:41
2019-10-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|