Lucene search
+L

162 matches found

UbuntuCve
UbuntuCve
added 2020/03/31 3:0 a.m.21 views

CVE-2020-10595

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a...

9.8CVSS7.5AI score0.04784EPSS
Exploits0References2
Debian
Debian
added 2020/03/26 10:37 p.m.76 views

[SECURITY] [DSA 4647-1] bluez security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4647-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 26, 2020 https://www.debian.org/security/faq -...

7.1CVSS6.9AI score0.01033EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/03/19 12:0 a.m.33 views

openSUSE: Security Advisory for salt (openSUSE-SU-2020:0357-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.8AI score0.15106EPSS
Exploits0References2
OSV
OSV
added 2020/01/28 6:15 p.m.5 views

DEBIAN-CVE-2020-5214

In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own...

9.8CVSS9.2AI score0.01068EPSS
Exploits0References1
OSV
OSV
added 2020/01/28 6:15 p.m.4 views

UBUNTU-CVE-2020-5214

In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own...

9.8CVSS7.8AI score0.01068EPSS
Exploits0References4
Prion
Prion
added 2019/12/13 1:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in the SAML Single Sign On SSO plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate thei...

6CVSS7.4AI score0.01061EPSS
Exploits0References2Affected Software1
Xen Project
Xen Project
added 2019/12/11 12:0 p.m.90 views

Linear pagetable use / entry miscounts

ISSUE DESCRIPTION "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level i.e., L...

8.8CVSS0.0039EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/11/26 8:46 a.m.6 views

SUSE-SU-2019:14231-1 Security update for clamav

This update for clamav fixes the following issues: Security issues fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files bsc1144504. - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors bsc1149458...

9.8CVSS8.7AI score0.0812EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/11/26 12:0 a.m.53 views

SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:3053-1)

This update for clamav fixes the following issues : Security issue fixed : CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files bsc1144504. CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors bsc1149458. Non-securit...

9.8CVSS6.9AI score0.0812EPSS
Exploits0References8
NVD
NVD
added 2019/11/07 10:15 p.m.29 views

CVE-2007-5743

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option...

7.5CVSS7.5AI score0.01102EPSS
Exploits1References2
OSV
OSV
added 2019/09/11 11:5 p.m.21 views

GHSA-2P82-V77V-MPPR Airbrake keys not being filtered

The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklistkeys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 also, 4.2.2 and earlier are unaffected...

9.8CVSS9.2AI score0.01442EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.25 views

NewStart CGSL MAIN 4.05 : mod_perl Vulnerability (NS-SA-2019-0134)

The remote NewStart CGSL host, running version MAIN 4.05, has modperl packages installed that are affected by a vulnerability: - modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is ...

10CVSS7.9AI score0.08946EPSS
Exploits0References2
OSV
OSV
added 2019/07/19 3:15 p.m.18 views

CVE-2019-13981

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads//originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer...

5.3CVSS6.8AI score
Exploits0References2
Cvelist
Cvelist
added 2019/07/19 2:17 p.m.20 views

CVE-2019-13981

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads//originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer...

5.2AI score0.015EPSS
Exploits1References2
CVE
CVE
added 2019/07/19 2:17 p.m.64 views

CVE-2019-13981

The CVE affects Directus 7 API up to version 2.3.0. An information disclosure exists where remote attackers can read image files by directly requesting a filename under uploads/_/originals/. The vulnerability stems from a configuration option that can make the file collection non-public, but this...

5.3CVSS5.1AI score0.015EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/04/11 4:29 p.m.10 views

DEBIAN-CVE-2019-3459

A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1...

6.5CVSS7.5AI score0.01827EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2017/10/26 7:3 a.m.6 views

ntp: Authenticated DoS via Malicious Config Option

A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message...

6.5CVSS7.3AI score0.05239EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2017/07/31 4:7 p.m.183 views

USN-3373-1: Apache HTTP Server vulnerabilities

Emmanuel Dreyfus discovered that third-party modules using the apgetbasicauthpw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new apgetbasicauthcomponents function for use by third-party modules. CVE-2017-3167 Vasileios...

9.8CVSS7.2AI score0.57472EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2017/07/05 12:0 a.m.24 views

SUSE SLES11 Security Update : freeradius-server (SUSE-SU-2017:1777-1)

This update for freeradius-server fixes the following issues : - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. bnc1041445 - CVE-2015-4680: Add a configuration option to allow checking of all intermediate certificates for revocations. bnc935573 The...

9.8CVSS7.9AI score0.03914EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2017/06/16 12:0 a.m.42 views

Debian DLA-986-1 : zookeeper security update

It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption. This update disables those two commands by default. The new...

7.5CVSS7.4AI score0.73654EPSS
Exploits0References3
Rows per page
Query Builder