| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-7221 |
7 Fedoraproject, Linux, Opensuse and 4 more |
16 Fedora, Linux Kernel, Leap and 13 more |
2019-06-15 |
4.6 |
| The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. |
| CVE-2019-7524 |
4 Dovecot, Debian, Canonical and 1 more |
4 Dovecot, Debian Linux, Ubuntu Linux and 1 more |
2019-06-14 |
7.2 |
| In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. |
| CVE-2019-3814 |
3 Dovecot, Canonical, Opensuse |
3 Dovecot, Ubuntu Linux, Leap |
2019-06-14 |
4.9 |
| It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. |
| CVE-2014-9761 |
6 Gnu, Suse, Fedoraproject and 3 more |
10 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 7 more |
2019-06-13 |
7.5 |
| Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan,... |
| CVE-2014-9402 |
4 Gnu, Canonical, Novell and 1 more |
4 Ubuntu Linux, Glibc, Opensuse and 1 more |
2019-06-13 |
7.8 |
| The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a... |
| CVE-2014-4043 |
3 Gnu, Novell, Opensuse |
3 Glibc, Opensuse, Opensuse |
2019-06-13 |
7.5 |
| The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. |
| CVE-2019-9636 |
4 Python, Fedoraproject, Redhat and 1 more |
10 Python, Fedora, Enterprise Linux Desktop and 7 more |
2019-06-13 |
5.0 |
| Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached... |
| CVE-2019-0220 |
5 Apache, Canonical, Debian and 2 more |
5 Http Server, Ubuntu Linux, Debian Linux and 2 more |
2019-06-12 |
5.0 |
| A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular... |
| CVE-2019-9628 |
3 Xmltooling Project, Canonical, Opensuse |
3 Xmltooling, Ubuntu Linux, Leap |
2019-06-11 |
5.0 |
| The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled... |
| CVE-2019-0211 |
5 Apache, Canonical, Debian and 2 more |
5 Http Server, Ubuntu Linux, Debian Linux and 2 more |
2019-06-11 |
7.2 |
| In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code... |
| CVE-2018-12477 |
1 Opensuse |
2 Opensuse Leap, Leap |
2019-06-11 |
6.4 |
| A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service:... |
| CVE-2019-6454 |
7 Freedesktop, Netapp, Canonical and 4 more |
12 Systemd, Active Iq Performance Analytics Services, Ubuntu Linux and 9 more |
2019-06-04 |
4.9 |
| An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can... |
| CVE-2019-2684 |
3 Oracle, Redhat, Opensuse |
4 Jdk, Jre, Openshift Container Platform and 1 more |
2019-06-04 |
4.3 |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows... |
| CVE-2019-2602 |
3 Oracle, Redhat, Opensuse |
4 Jdk, Jre, Openshift Container Platform and 1 more |
2019-06-04 |
5.0 |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows... |
| CVE-2018-18356 |
5 Google, Debian, Redhat and 2 more |
10 Chrome, Debian Linux, Enterprise Linux Desktop and 7 more |
2019-06-03 |
6.8 |
| An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-6486 |
3 Golang, Debian, Opensuse |
3 Go, Debian Linux, Leap |
2019-06-03 |
6.4 |
| Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. |
| CVE-2019-5736 |
10 Docker, Google, Linuxcontainers and 7 more |
12 Docker, Kubernetes Engine, Lxc and 9 more |
2019-06-03 |
9.3 |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these... |
| CVE-2018-19873 |
3 Qt, Debian, Opensuse |
3 Qt, Debian Linux, Leap |
2019-06-03 |
7.5 |
| An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. |
| CVE-2018-19870 |
3 Qt, Debian, Opensuse |
3 Qt, Debian Linux, Leap |
2019-06-03 |
6.8 |
| An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. |
| CVE-2018-16875 |
2 Golang, Opensuse |
2 Go, Leap |
2019-06-03 |
7.8 |
| The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS... |
