Lucene search
K

4371 matches found

CVE
CVE
added 2018/01/11 4:0 p.m.59 views

CVE-2018-5189

CVE-2018-5189 affects Jungo Windriver 12.5.1. A race condition (double-fetch) in a Windriver IOCTL handler allows local users to overflow a pool buffer, potentially causing denial of service or privilege escalation to SYSTEM. Exploitation demonstrated via kernel pool spraying and a crafted Event ...

7.8CVSS7.5AI score0.01204EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2018/01/03 6:29 p.m.3 views

DEBIAN-CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8CVSS7.6AI score0.03124EPSS
Exploits0References1
NVD
NVD
added 2018/01/03 6:29 p.m.30 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8CVSS8.8AI score0.03124EPSS
Exploits0References4
Prion
Prion
added 2018/01/03 6:29 p.m.21 views

Code injection

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

7.5CVSS9.5AI score0.03124EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/01/03 6:29 p.m.27 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8CVSS9.9AI score
Exploits0References4
OSV
OSV
added 2018/01/03 6:29 p.m.2 views

UBUNTU-CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8CVSS7.4AI score0.03124EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/01/03 6:0 p.m.40 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

8.7AI score0.03124EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2018/01/03 6:0 p.m.20 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8CVSS9.8AI score0.03124EPSS
Exploits0
Hacker One
Hacker One
added 2017/12/19 7:53 p.m.43 views

Ed: Fix for self-DoS in Security-txt Chrome Extension.

@sp1d3rs found a self-DoS vulnerability in the Security-txt Chrome Extension. He was also kind enough to provide a fix wich you can find on GitHub. We merged @sp1d3rs' fix when he submitted a PR. We later decided that it was better to stop using XHR and use Fetch instead, a newer API. This was th...

6.7AI score
Exploits0
Oracle linux
Oracle linux
added 2017/11/27 12:0 a.m.47 views

curl security update

7.29.0-42.el74.1 - fix buffer overflow while processing IMAP FETCH response CVE-2017-1000257...

9.1CVSS2.6AI score0.06224EPSS
Exploits0
OSV
OSV
added 2017/11/16 2:29 a.m.2 views

ALPINE-CVE-2017-8807

vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...

9.1CVSS6.8AI score0.04084EPSS
Exploits0References1
OSV
OSV
added 2017/11/16 2:29 a.m.3 views

UBUNTU-CVE-2017-8807

vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...

9.1CVSS7AI score0.04084EPSS
Exploits0References7
OSV
OSV
added 2017/10/31 9:29 p.m.1 views

DEBIAN-CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...

9.1CVSS9.3AI score0.06224EPSS
Exploits0References1
Prion
Prion
added 2017/10/31 9:29 p.m.20 views

Heap overflow

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...

6.4CVSS8.9AI score0.06224EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2017/10/31 9:29 p.m.29 views

CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...

9.1CVSS9.1AI score0.06224EPSS
Exploits0References8
Cvelist
Cvelist
added 2017/10/31 9:0 p.m.24 views

CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...

9.2AI score0.06224EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2017/10/31 9:0 p.m.8 views

CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...

6AI score0.06224EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2017/10/31 9:0 p.m.54 views

CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...

9.1CVSS9.5AI score0.06224EPSS
Exploits0
Kitploit
Kitploit
added 2017/10/29 1:37 p.m.25 views

Exitmap - A Fast and Modular Scanner for TOR Exit Relays

Exitmap is a fast and modular Python-based scanner for Tor exit relays. Exitmap modules implement tasks that are run over a subset of all exit relays. If you have a background in functional programming, think of exitmap as a map interface for Tor exit relays: Modules can perform any TCP-based...

7.1AI score
Exploits0References2
Debian
Debian
added 2017/10/27 8:15 p.m.28 views

[SECURITY] [DSA 4007-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4007-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini October 27, 2017 https://www.debian.org/security/faq -...

9.1CVSS9.4AI score0.06224EPSS
Exploits0
Rows per page
Query Builder