Lucene search
K

160 matches found

Debian CVE
Debian CVE
added 2019/02/05 9:0 p.m.224 views

CVE-2018-18505

An earlier fix for an Inter-process Communication IPC vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the...

10CVSS9.9AI score0.04538EPSS
Exploits0
CVE
CVE
added 2019/02/05 9:0 p.m.321 views

CVE-2018-18505

CVE-2018-18505 concerns an IPC privilege-escalation in Mozilla products where an authentication added during IPC process creation is not applied to channels created later, enabling potential sandbox escape through IPC channels. Public advisories tie this to Thunderbird and Firefox releases prior ...

10CVSS7.2AI score0.04538EPSS
Exploits0References18Affected Software2
CNVD
CNVD
added 2019/02/01 12:0 a.m.1 views

Mozilla Firefox elevation of privilege vulnerability (CNVD-2019-05566)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from the program's lack of message validation. An attacker can exploit the vulnerability to bypass the sandbox...

10CVSS8.6AI score0.04538EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/01/30 12:0 a.m.36 views

Mozilla Firefox Security Advisories (MFSA2018-31, MFSA2019-03) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

10CVSS8.3AI score0.12658EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2019/01/30 12:0 a.m.26 views

Mozilla Firefox ESR Security Advisories (MFSA2018-31, MFSA2019-03) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

10CVSS10AI score0.12658EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/09/07 2:0 p.m.26 views

CVE-2018-16657

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcittstringarray core function for calculating a CRC hash for To tags. An additional error is present ...

9.3AI score0.03581EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2018/07/13 3:17 p.m.26 views

FedMsg not properly completing message validation

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...

7.5CVSS2.6AI score0.01505EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2018/05/28 12:0 a.m.3 views

Denial of Service Vulnerability in Multiple Huawei Products (CNVD-2018-10506)

Huawei DP300 and others are products of Huawei, China.DP300 is a video conferencing terminal.RP200 is an all-in-one video conferencing device. A security vulnerability exists in a number of Huawei products, which stems from a program that fails to adequately validate messages. An attacker could...

5.3CVSS6.7AI score0.01248EPSS
Exploits0References1
OSV
OSV
added 2018/02/15 4:29 p.m.5 views

CVE-2017-17300

Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain...

7.5CVSS5.8AI score0.01621EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/02/15 2:0 a.m.29 views

CVE-2018-0850

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability"...

7.5AI score0.05128EPSS
Exploits0References3
CNVD
CNVD
added 2018/02/01 12:0 a.m.2 views

Integer Overflow Vulnerability in Multiple Huawei Products

Huawei DP300, RP200, TE series, etc. are all-in-one desktop SmartZen and all-in-one video conferencing terminal products of Huawei China Company. An integer overflow vulnerability exists in multiple Huawei products, which is due to the device failing to adequately validate some fields in a messag...

5.3CVSS7.1AI score0.01248EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/19 12:0 a.m.2 views

Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-37731)

Huawei AR120-S and others are router products from Huawei China. A buffer overflow vulnerability exists in multiple Huawei products due to a program failing to adequately validate some values in a message. A remote attacker could exploit this vulnerability by sending specially crafted SIP message...

5.3CVSS7.1AI score0.01241EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/04 12:0 a.m.2 views

Buffer Overflow Vulnerability in SIP Backup Module for Multiple Huawei Products

Huawei DP300 and so on are products of Huawei, China.Huawei DP300 is a video conferencing end device.IPS Module is an intrusion prevention module.SIP backup is one of the SIP backup modules. A buffer overflow vulnerability exists in the SIP backup module in multiple Huawei products due to the...

5.3CVSS7.1AI score0.00906EPSS
Exploits0References1
Veracode
Veracode
added 2017/07/17 4:24 p.m.23 views

Missing Message Validation

fedmsg is missing message validation. The library contains a bug where the base class' default value does not enable signature validation...

7.5CVSS7.3AI score0.01505EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/07/17 1:18 p.m.26 views

CVE-2017-1000001

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...

7.5CVSS7.4AI score0.01505EPSS
Exploits0References1
PyPA
PyPA
added 2017/07/17 1:18 p.m.5 views

PYSEC-2017-13

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...

7.5CVSS6.9AI score0.01505EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/07/17 1:18 p.m.22 views

PYSEC-2017-13

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...

7.5CVSS2.5AI score0.01505EPSS
Exploits0References2
Prion
Prion
added 2017/07/17 1:18 p.m.12 views

Input validation

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...

5CVSS7.3AI score0.01505EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2017/07/17 1:18 p.m.20 views

CVE-2017-1000001

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...

7.5CVSS7AI score0.01505EPSS
Exploits0References3
OSV
OSV
added 2017/07/17 1:18 p.m.1 views

UBUNTU-CVE-2017-1000001

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...

7.5CVSS5.8AI score0.01505EPSS
Exploits0References4
Rows per page
Query Builder