Security Vulnerabilities - CVEs Published In March 2019
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-03-12
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-03-12
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-03-12
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-03-11
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-03-11
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
CVSS Score
5.6
EPSS Score
0.002
Published
2019-03-11
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.
CVSS Score
3.1
EPSS Score
0.003
Published
2019-03-11
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-03-11
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-03-11
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-03-11