| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-11479 |
5 F5, Pulsesecure, Redhat and 2 more |
24 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 21 more |
2019-06-20 |
5.0 |
| Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a... |
| CVE-2019-11478 |
5 F5, Pulsesecure, Redhat and 2 more |
25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more |
2019-06-20 |
5.0 |
| Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a... |
| CVE-2019-11477 |
5 F5, Pulsesecure, Redhat and 2 more |
25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more |
2019-06-20 |
7.8 |
| Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service.... |
| CVE-2019-12436 |
2 Samba, Canonical |
2 Samba, Ubuntu Linux |
2019-06-20 |
4.0 |
| Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit. |
| CVE-2017-7613 |
3 Elfutils Project, Canonical, Debian |
3 Elfutils, Ubuntu Linux, Debian Linux |
2019-06-20 |
4.3 |
| elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. |
| CVE-2017-7612 |
3 Elfutils Project, Canonical, Debian |
3 Elfutils, Ubuntu Linux, Debian Linux |
2019-06-20 |
4.3 |
| The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2017-7611 |
3 Elfutils Project, Canonical, Debian |
3 Elfutils, Ubuntu Linux, Debian Linux |
2019-06-20 |
4.3 |
| The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2017-7610 |
3 Elfutils Project, Canonical, Debian |
3 Elfutils, Ubuntu Linux, Debian Linux |
2019-06-20 |
4.3 |
| The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2017-7608 |
3 Elfutils Project, Canonical, Debian |
3 Elfutils, Ubuntu Linux, Debian Linux |
2019-06-20 |
4.3 |
| The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
| CVE-2016-2510 |
4 Beanshell Project, Debian, Beanshell and 1 more |
4 Debian Linux, Beanshell, Beanshell and 1 more |
2019-06-19 |
6.8 |
| BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. |
| CVE-2018-1000122 |
5 Haxx, Canonical, Debian and 2 more |
8 Curl, Ubuntu Linux, Debian Linux and 5 more |
2019-06-18 |
6.4 |
| A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage |
| CVE-2018-1000120 |
5 Haxx, Canonical, Debian and 2 more |
8 Curl, Ubuntu Linux, Debian Linux and 5 more |
2019-06-18 |
7.5 |
| A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. |
| CVE-2018-1000007 |
4 Haxx, Debian, Canonical and 1 more |
6 Curl, Debian Linux, Ubuntu Linux and 3 more |
2019-06-18 |
5.0 |
| libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to... |
| CVE-2018-1000005 |
3 Haxx, Debian, Canonical |
3 Libcurl, Debian Linux, Ubuntu Linux |
2019-06-18 |
6.4 |
| libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was... |
| CVE-2019-6690 |
5 Python, Suse, Debian and 2 more |
5 Python-gnupg, Backports, Debian Linux and 2 more |
2019-06-18 |
5.0 |
| python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a... |
| CVE-2019-9641 |
5 Php, Debian, Canonical and 2 more |
5 Php, Debian Linux, Ubuntu Linux and 2 more |
2019-06-18 |
7.5 |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. |
| CVE-2019-9024 |
5 Php, Debian, Canonical and 2 more |
5 Php, Debian Linux, Ubuntu Linux and 2 more |
2019-06-18 |
5.0 |
| An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in... |
| CVE-2019-9023 |
5 Php, Debian, Canonical and 2 more |
5 Php, Debian Linux, Ubuntu Linux and 2 more |
2019-06-18 |
7.5 |
| An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid... |
| CVE-2019-9022 |
4 Php, Debian, Canonical and 1 more |
4 Php, Debian Linux, Ubuntu Linux and 1 more |
2019-06-18 |
5.0 |
| An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the... |
| CVE-2019-9021 |
5 Php, Debian, Canonical and 2 more |
5 Php, Debian Linux, Ubuntu Linux and 2 more |
2019-06-18 |
7.5 |
| An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated... |
