cve-2019-11043 vulnerabilities and exploits

7.5
CVSSv2
CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...

PhpCanonicalUbuntu LinuxDebianDebian Linux
5
CVSSv2
CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by...

Openssl
6.8
CVSSv2
CVE-2019-13720

Chrome Security Alert: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs. Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild....

GoogleChrome
9.3
CVSSv2
CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new...

6.4
CVSSv2
CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access....

LibsshNetappOncommand Workflow AutomationSnapcenterStorage Automation StoreOracleMysql WorkbenchCanonicalUbuntu LinuxDebianDebian LinuxRedhatEnterprise Linux
5
CVSSv2
CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c....

4
CVSSv2
CVE-2018-18778

ACME mini_httpd before 1.30 lets remote users read arbitrary files....

7.2
CVSSv2
CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process...

DebianDebian LinuxFedoraprojectFedoraLinuxLinux Kernel
5.8
CVSSv2
CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal...

OpenbsdOpensshWinscpCanonicalUbuntu LinuxDebianDebian LinuxRedhatEnterprise Linux
9
CVSSv2
CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER=...