Lucene search
+L

92 matches found

OSV
OSV
added 2021/06/08 11:15 p.m.1 views

CVE-2021-26414

Windows DCOM Server Security Feature Bypass...

4.8CVSS5.8AI score0.4997EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/07/07 12:0 a.m.7 views

The vulnerability of the component libvncserver/hextile.c in the cross-platform library LibVNCServer allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the libvncserver/hextile.c component of the cross-platform library LibVNCServer arises from an operation that occurs outside the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility...

5.5CVSS7.1AI score0.0161EPSS
Exploits0References14Affected Software4
UbuntuCve
UbuntuCve
added 2020/06/22 10:15 p.m.33 views

CVE-2020-11096

In FreeRDP before version 2.1.2, there is a global OOB read in updatereadcachebitmapv3order. As a workaround, one can disable bitmap cache with -bitmap-cache default. This is fixed in version 2.1.2...

6.5CVSS6.9AI score0.01837EPSS
Exploits0References4
OSV
OSV
added 2020/06/17 4:15 p.m.4 views

UBUNTU-CVE-2020-14399

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed...

7.5CVSS7.1AI score0.02802EPSS
Exploits0References4
Snyk
Snyk
added 2020/06/16 3:58 p.m.3 views

HTTP Request Smuggling

Amendment This was deemed not a vulnerability. Overview tiny-http is a Low level HTTP server library Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing...

8.2CVSS6.2AI score0.01065EPSS
Exploits0References3
NVD
NVD
added 2019/06/10 5:29 p.m.23 views

CVE-2018-20356

An invalid read of 8 bytes due to a use-after-free vulnerability in the mghttpfreeprotodatacgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...

9.8CVSS9.6AI score0.03574EPSS
Exploits1References1
OSV
OSV
added 2019/06/10 5:29 p.m.21 views

CVE-2018-20352

Use-after-free vulnerability in the mgcgievhandler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...

8.8CVSS7.8AI score
Exploits0References1
OSV
OSV
added 2019/06/10 5:29 p.m.23 views

CVE-2018-20356

An invalid read of 8 bytes due to a use-after-free vulnerability in the mghttpfreeprotodatacgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...

9.8CVSS7.8AI score
Exploits0References1
OSV
OSV
added 2019/06/10 5:29 p.m.18 views

CVE-2018-20353

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mghttpgetprotodata function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...

9.8CVSS7.8AI score
Exploits0References1
Prion
Prion
added 2019/06/10 5:29 p.m.14 views

Design/Logic Flaw

Use-after-free vulnerability in the mgcgievhandler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...

6.8CVSS8.8AI score0.02725EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/06/10 4:26 p.m.21 views

CVE-2018-20356

An invalid read of 8 bytes due to a use-after-free vulnerability in the mghttpfreeprotodatacgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...

9.7AI score0.03574EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/06/10 4:23 p.m.21 views

CVE-2018-20355

An invalid write of 8 bytes due to a use-after-free vulnerability in the mghttpfreeprotodatacgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...

9.7AI score0.03574EPSS
Exploits1References1
CVE
CVE
added 2019/06/10 4:21 p.m.55 views

CVE-2018-20354

The CVE-2018-20354 issue affects Cesanta Mongoose Embedded Web Server Library (versions 6.13 and earlier). A use-after-free in mg_http_get_proto_data during a return causes an invalid read of 8 bytes, leading to denial of service (crash) or remote code execution. NVD data shows high/critical impa...

9.8CVSS9.6AI score0.03574EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2019/01/15 9:23 a.m.48 views

libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution...

9.8CVSS6.4AI score0.15089EPSS
Exploits0References5
OSV
OSV
added 2018/08/24 7:29 p.m.2 views

ALPINE-CVE-2018-14598

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS segmentation fault...

7.5CVSS7AI score0.04229EPSS
Exploits0References1
OSV
OSV
added 2018/06/22 5:40 a.m.8 views

SUSE-SU-2018:1781-1 Security update for mariadb

MariaDB was updated to 10.0.35 bsc1090518 Notable changes: PCRE updated to 8.42 XtraDB updated to 5.6.39-83.1 TokuDB updated to 5.6.39-83.1 InnoDB updated to 5.6.40 The embedded server library now supports SSL when connecting to remote servers bsc1088681, CVE-2018-2767 MDEV-15249 - Crash in MVCC...

7.7CVSS5.7AI score0.0401EPSS
Exploits0References15
OSV
OSV
added 2018/06/07 2:29 a.m.5 views

CVE-2017-16155

fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5CVSS5.8AI score0.02005EPSS
Exploits1References2
OSV
OSV
added 2018/05/23 8:16 a.m.8 views

SUSE-SU-2018:1382-1 Security update for mariadb

MariaDB was updated to 10.0.35 bsc1090518 Notable changes: PCRE updated to 8.42 XtraDB updated to 5.6.39-83.1 TokuDB updated to 5.6.39-83.1 InnoDB updated to 5.6.40 The embedded server library now supports SSL when connecting to remote servers bsc1088681, CVE-2018-2767 MDEV-15249 - Crash in MVCC...

7.7CVSS5.7AI score0.0401EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2018/01/01 12:0 a.m.5 views

PT-2018-2503 · Live555 +2 · Live555 Rtsp Server Library +2

Name of the Vulnerable Software and Affected Versions: LIVE555 RTSP server library version 0.92 Description: The issue is related to a buffer overflow error in the HTTP packet parser implementation of the LIVE555 RTSP server library. This can be exploited by a remote attacker using a specially...

10CVSS9AI score0.09487EPSS
Exploits4References49
exploitpack
exploitpack
added 2017/09/04 12:0 a.m.43 views

Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution

Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: ===============...

6.8CVSS0.04135EPSS
Exploits5
Rows per page
Query Builder