| Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-14835 | 7.2 |
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript
|
15-12-2023 - 15:29 | 17-09-2019 - 16:15 | |
| CVE-2019-14379 | 7.5 |
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
|
13-09-2023 - 14:53 | 29-07-2019 - 12:15 | |
| CVE-2019-7609 | 10.0 |
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly le
|
08-09-2023 - 23:15 | 25-03-2019 - 19:29 | |
| CVE-2019-1010238 | 7.5 |
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condit
|
12-04-2022 - 16:51 | 19-07-2019 - 17:15 | |
| CVE-2019-14811 | 6.8 |
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disabl
|
16-10-2020 - 13:21 | 03-09-2019 - 16:15 | |
| CVE-2019-14817 | 6.8 |
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could dis
|
16-10-2020 - 13:21 | 03-09-2019 - 16:15 | |
| CVE-2019-14813 | 7.5 |
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable se
|
16-10-2020 - 13:20 | 06-09-2019 - 14:15 | |
| CVE-2019-11249 | 5.8 |
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s ma
|
02-10-2020 - 16:45 | 29-08-2019 - 01:15 | |
| CVE-2019-11247 | 6.5 |
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings w
|
02-10-2020 - 16:21 | 29-08-2019 - 01:15 | |
| CVE-2019-1125 | 2.1 |
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.
|
24-08-2020 - 17:37 | 03-09-2019 - 18:15 | |
| CVE-2019-7608 | 4.3 |
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
|
27-09-2019 - 05:15 | 25-03-2019 - 19:29 | |
| CVE-2019-7610 | 9.3 |
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascrip
|
30-07-2019 - 22:15 | 25-03-2019 - 19:29 |