Skip to main content
CVE-2019-11190 MEDIUM POC PATCH This Month

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus. Rated medium severity (CVSS 4.7). Public exploit code available.

Authentication Bypass Race Condition Linux Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.5%
CVE-2019-1574 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Expedition Migration Tool
NVD
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy