Oracle : Security Vulnerabilities, CVEs, Published In September 2019
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Max CVSS
9.8
EPSS Score
0.34%
Published
2019-09-15
Updated
2023-09-13
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Max CVSS
6.5
EPSS Score
0.41%
Published
2019-09-09
Updated
2023-03-23
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
Max CVSS
7.5
EPSS Score
0.15%
Published
2019-09-06
Updated
2023-02-28
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-09-19
Updated
2024-02-16
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Max CVSS
9.8
EPSS Score
0.41%
Published
2019-09-15
Updated
2023-09-13
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
Max CVSS
7.2
EPSS Score
83.05%
Published
2019-09-26
Updated
2021-07-07
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
Max CVSS
6.1
EPSS Score
7.12%
Published
2019-09-26
Updated
2021-09-09
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
Max CVSS
9.1
EPSS Score
0.81%
Published
2019-09-26
Updated
2022-07-25
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Max CVSS
9.8
EPSS Score
9.76%
Published
2019-09-16
Updated
2021-11-03
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Max CVSS
9.8
EPSS Score
1.17%
Published
2019-09-16
Updated
2023-03-29
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
Max CVSS
6.5
EPSS Score
0.36%
Published
2019-09-18
Updated
2022-06-07
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
Max CVSS
6.5
EPSS Score
0.36%
Published
2019-09-18
Updated
2022-06-13
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
Max CVSS
6.5
EPSS Score
0.36%
Published
2019-09-18
Updated
2022-06-13
13 vulnerabilities found