CVE-2019-16746

A flaw in the Linux kernel's WiFi beacon validation code was discovered. The code does not check the length of the variable length elements in the beacon head potentially leading to a buffer overflow. System availability, as well as data confidentiality and integrity, can be impacted by this...

CVE-2019-15225

A flaw was found in Envoy through version 1.11.1. Users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service through memory consumption. The highest thre...

CVE-2019-17195

A flaw was found in Connect2id Nimbus JOSE+JWT prior to version 7.9. While processing JSON web tokens JWT, nimbus-jose-jwt can throw various uncaught exceptions resulting in an application crash, information disclosure, or authentication bypass. The highest threat from this vulnerability is to da...

CVE-2019-10431

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through default parameter expressions in constructors. This allowed attackers, able to specify and run sandboxed scripts, to execute arbitrary code in the context of the Jenkins master JVM. The highes...

python-jinja2: str.format_map allows sandbox escape

A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVE-2019-8324

A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2019-15921

A flaw was found in the genlregisterfamily function in the Linux kernel. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or t...

CVE-2019-10132

A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this...

CVE-2018-16228

A flaw was found in tcpdump where an uninitialized buffer is accessed in tcpdump while printing HNCP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the...

CVE-2018-14462

An out-of-bounds read flaw was discovered in tcpdump while printing ICMP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. System availability...

CVE-2019-16230

A flaw was found in the radeoncrtcinit function of the Linux kernel. The kernel doesn't handle work queue allocation failures correctly leading to a crash of the system. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not...

CVE-2019-16233

A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to allocworkqueue return was not validated and can cause a denial of service. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this...

CVE-2019-16231

A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the allocworkqueue return was not validated and causes a denial of service at the time of failure. The highest threat from this vulnerability is to system...

CVE-2019-10906

A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability. Mitigation If you cannot upgrade python-Jinja2, you can override the issafeattribute meth...

CVE-2019-11500

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVE-2019-1003002

A flaw was found in Jenkins Pipeline. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. This allows users with Overall/Read permission, or able to control Jenkinsfile or...

CVE-2019-10063

An incomplete fix for CVE-2017-5226 was found in flatpak. A sandbox bypass flaw was found in the way bubblewrap, which is used for sandboxing flatpak applications handled the TIOCSTI ioctl. A malicious flatpak application could use this flaw to inject commands into the controlled terminal of the...

CVE-2019-1010238

A buffer overflow flaw was found in Gnome Pango. When invalid utf-8 strings are passed to functions, a heap-based buffer overflow can occur that could lead to code execution. The highest threat from this vulnerability is data confidentiality and integrity as well as system availability...

CVE-2019-8308

A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...