CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2020/05/19 5:55 p.m.•45 views

CVE-2020-12663

A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability...

5CVSS1.9AI score0.03588EPSS

Exploits0References3

OSV•added 2020/05/19 2:15 p.m.•3 views

CVE-2020-4412

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster...

5.3CVSS6.3AI score

Exploits0References2

RedHat Linux•added 2020/05/18 10:24 a.m.•2 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.02959EPSS

8.8CVSS7.1AI score0.07963EPSS

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

RedHat Linux•added 2020/05/18 10:24 a.m.•4 views

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.03577EPSS

9.8CVSS7.3AI score0.13836EPSS

cxf: OpenId Connect token service does not properly validate the clientId

A flaw was found in cxf in versions prior to 3.2.11 and 3.3.4. The access token services do not properly validate that an authenticated principal is equal to that of the supplied clientId parameter allowing a malicious client to use an authorization code that has been issued to a different client...

8.8CVSS7.1AI score0.03538EPSS

jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider

A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

RedHat Linux•added 2020/05/18 10:24 a.m.•3 views

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.18345EPSS

8.1CVSS7.1AI score0.05594EPSS

jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

RedHat Linux•added 2020/05/18 10:24 a.m.•5 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS

Exploits0References7

7.8CVSS7.1AI score0.82813EPSS

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

Exploits0References9

RedHat Linux•added 2020/05/18 10:24 a.m.•4 views

jackson-databind: Serialization gadgets in shaded-hikari-config

9.8CVSS7.1AI score0.04575EPSS

RedhatCVE•added 2020/05/15 1:27 p.m.•29 views

CVE-2020-11523

A flaw was found in FreeRDP in versions between 1.0 and 2.0.0. An integer overflow was found in the region.c function which could allow an attacker the ability to control the RDP server as well as the data sent to the client. The highest threat from this vulnerability is to data confidentiality a...

6.6CVSS4.7AI score0.02003EPSS

RedhatCVE•added 2020/05/15 1:27 p.m.•26 views

CVE-2020-11524

A flaw was found in FreeRDP between versions 1.0 and 2.0.0. An out-of-bounds memory write was found in the interleaved.c function which could allow an attacker to take over and control the RDP server, including data sent to the client. The highest threat from this vulnerability is to data...

6.6CVSS4.6AI score0.01845EPSS

RedhatCVE•added 2020/05/15 1:27 p.m.•28 views

CVE-2020-11521

A flaw was found in freerdp in versions between 1.0 and 2.0.0. An out-of-bounds memory write was found in the planar.c function which could allow an attacker to control data sent from the RDP server to the client. The highest threat from this vulnerability is to data confidentiality and integrity...

6.6CVSS4.5AI score0.01944EPSS

CNVD•added 2020/05/15 12:0 a.m.•5 views

Linux kernel buffer overflow vulnerability (CNVD-2021-43386)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. An attacker could exploit this vulnerability to cause an NFS client to crash, potentially impacting data...

6CVSS7.8AI score0.00261EPSS

Exploits0References1

RedhatCVE•added 2020/05/13 5:41 p.m.•24 views

CVE-2020-12825

A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability. Mitigation To mitigate...

5.8CVSS1AI score0.02319EPSS