2019-11-27 | CVE-2019-10216 | In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
2019-11-14 | CVE-2018-12207 | Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 |
2019-11-14 | CVE-2019-11135 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 6.5 |
2019-11-04 | CVE-2017-5333 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | 6.8 |
2019-11-04 | CVE-2017-5332 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 6.8 |
2019-10-17 | CVE-2019-14287 | Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. | 8.8 |
2019-10-16 | CVE-2019-2999 | Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). | 4.7 |
2019-10-16 | CVE-2019-2992 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). | 3.7 |
2019-10-16 | CVE-2019-2988 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). | 3.7 |
2019-10-16 | CVE-2019-2983 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). | 3.7 |