cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
Max CVSS
10.0
EPSS Score
0.76%
Published
2018-08-26
Updated
2019-09-24
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.
Max CVSS
10.0
EPSS Score
0.57%
Published
2019-02-05
Updated
2019-02-07
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
Max CVSS
10.0
EPSS Score
1.02%
Published
2019-02-05
Updated
2019-10-03
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Max CVSS
10.0
EPSS Score
22.64%
Published
2019-04-23
Updated
2022-11-30

CVE-2019-10149

Known exploited
Public exploit
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Max CVSS
10.0
EPSS Score
97.34%
Published
2019-06-05
Updated
2022-11-07
CISA KEV Added
2022-01-10
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
Max CVSS
9.8
EPSS Score
1.92%
Published
2017-02-09
Updated
2021-02-22
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
Max CVSS
9.8
EPSS Score
14.64%
Published
2018-11-29
Updated
2020-09-29
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.
Max CVSS
9.8
EPSS Score
14.64%
Published
2018-11-29
Updated
2020-09-29
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
Max CVSS
9.8
EPSS Score
3.68%
Published
2018-11-29
Updated
2020-09-29
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
Max CVSS
9.8
EPSS Score
6.95%
Published
2018-11-29
Updated
2020-09-29
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
Max CVSS
9.8
EPSS Score
10.00%
Published
2018-11-29
Updated
2019-06-03
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
Max CVSS
9.8
EPSS Score
1.10%
Published
2019-02-28
Updated
2019-03-01
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
Max CVSS
9.8
EPSS Score
0.45%
Published
2019-02-28
Updated
2019-10-03
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Max CVSS
9.8
EPSS Score
0.51%
Published
2019-02-28
Updated
2019-03-12
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.
Max CVSS
9.8
EPSS Score
0.90%
Published
2019-02-28
Updated
2019-03-01
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.
Max CVSS
9.8
EPSS Score
0.52%
Published
2018-06-29
Updated
2019-03-29
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.
Max CVSS
9.8
EPSS Score
0.33%
Published
2018-06-29
Updated
2019-03-29
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
Max CVSS
9.8
EPSS Score
3.32%
Published
2018-12-19
Updated
2019-10-31
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
Max CVSS
9.8
EPSS Score
88.04%
Published
2018-12-19
Updated
2020-10-23
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Max CVSS
9.8
EPSS Score
0.65%
Published
2018-11-16
Updated
2019-10-03
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
Max CVSS
9.8
EPSS Score
1.08%
Published
2018-09-03
Updated
2021-11-30
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
Max CVSS
9.8
EPSS Score
1.08%
Published
2018-10-31
Updated
2019-10-09
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
Max CVSS
9.8
EPSS Score
1.54%
Published
2018-10-31
Updated
2019-10-09
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
Max CVSS
9.8
EPSS Score
0.71%
Published
2018-11-13
Updated
2023-01-19
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.83%
Published
2018-10-09
Updated
2021-08-04
425 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!