CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2019/10/07 11:8 a.m.•33 views

CVE-2019-15925

An out-of-bounds access flaw was found in the hclgeshaperparacalc driver in the Linux kernel. Access to an array with an index higher than its maximum index will lead to an out-of-bounds access vulnerability. This could affect both data confidentiality and integrity as well as system availability...

7.8CVSS1.9AI score0.00349EPSS

RedhatCVE•added 2019/10/06 4:31 a.m.•34 views

CVE-2019-13638

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

9.3CVSS3.5AI score0.0453EPSS

Prion•added 2019/10/02 7:15 p.m.•18 views

Sql injection

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

9CVSS9AI score0.02965EPSS

Exploits0References1Affected Software1

RedHat Linux•added 2019/10/02 2:29 p.m.•1 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS

Exploits1References9

RedHat Linux•added 2019/10/01 4:14 p.m.•1 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

RedHat Linux•added 2019/10/01 1:40 p.m.•5 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

RedhatCVE•added 2019/10/01 10:51 a.m.•17 views

CVE-2016-10907

An out-of-bounds flaw was found in the Industrial I/O Subsystem of the Linux kernel. A comparison for devnr limits is exceeded by one, where the current implementation allowed 0 to AD5755NUMCHANNELS, while the actual limit should have been till 'AD5755NUMCHANNELS - 1'. This could lead to an out o...

7.8CVSS1.2AI score0.00402EPSS

RedHat Linux•added 2019/10/01 10:3 a.m.•3 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

RedHat Linux•added 2019/10/01 10:3 a.m.•3 views

HTTP/2: flood using PING frames results in unbounded memory growth

7.8CVSS7.1AI score0.83433EPSS

Exploits1References9

RedHat Linux•added 2019/10/01 10:3 a.m.•6 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.24822EPSS

Exploits0References6

RedHat Linux•added 2019/10/01 10:3 a.m.•3 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS

Exploits0References7

RedHat Linux•added 2019/10/01 10:3 a.m.•2 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS

Exploits0References9

RedHat Linux•added 2019/09/30 3:15 p.m.•3 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

RedHat Linux•added 2019/09/30 3:15 p.m.•1 views

HTTP/2: flood using empty frames results in excessive resource consumption

7.8CVSS7.1AI score0.24822EPSS

Exploits0References6

RedHat Linux•added 2019/09/23 8:37 p.m.•0 views

HTTP/2: flood using PING frames results in unbounded memory growth

7.8CVSS7.1AI score0.83433EPSS

Exploits1References9

RedHat Linux•added 2019/09/23 12:59 p.m.•0 views

dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass

A flaw was found in dbus. The implementation of DBUSCOOKIESHA1 is susceptible to a symbolic link attack. A malicious client with write access to its own home directory could manipulate a /.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations resulting in an...

7.1CVSS7.1AI score0.00555EPSS

Exploits0References5

RedHat Linux•added 2019/09/20 2:11 a.m.•4 views

dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

9.8CVSS5.7AI score0.62324EPSS

Exploits1References5

RedHat Linux•added 2019/09/19 7:37 a.m.•1 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

7.8CVSS7.2AI score0.59547EPSS