Lucene search
K

76 matches found

Cvelist
Cvelist
added 2019/03/27 1:38 p.m.30 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7.5AI score0.98507EPSS
Exploits18References12
Vulnrichment
Vulnrichment
added 2019/03/27 1:38 p.m.7 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7AI score0.98507EPSS
Exploits18References12
Debian CVE
Debian CVE
added 2019/03/27 1:38 p.m.37 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7.5CVSS7.4AI score0.98507EPSS
Exploits18
GitLab Advisory Database
GitLab Advisory Database
added 2019/03/27 12:0 a.m.33 views

Allocation of Resources Without Limits or Throttling

There is a possible denial of service vulnerability in Action View Rails where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive...

7.8CVSS4.2AI score0.08671EPSS
Exploits3References1Affected Software1
GithubExploit
GithubExploit
added 2019/03/16 11:58 a.m.134 views

Exploit for Path Traversal in Rubyonrails Rails

CVE-2019-5418 - File Content Disclosure on Rails EDIT: th...

7.8CVSS7.2AI score0.98507EPSS
Exploits19
OSV
OSV
added 2019/03/13 5:26 p.m.36 views

GHSA-86G5-2WH3-GC9J Path Traversal in Action View

File Content Disclosure in Action View Impact ------ There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. Th...

7.5CVSS7.2AI score0.98507EPSS
Exploits18References18
Github Security Blog
Github Security Blog
added 2019/03/13 5:26 p.m.62 views

Path Traversal in Action View

File Content Disclosure in Action View Impact ------ There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. Th...

7.5CVSS7.2AI score0.98507EPSS
Exploits18References19Affected Software1
RubySec
RubySec
added 2019/03/13 12:0 a.m.28 views

File Content Disclosure in Action View

There is a possible file content disclosure vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2019-5418. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 Impact ------ There is a possible file...

7.5CVSS0.8AI score0.98507EPSS
Exploits18References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/02/23 12:0 a.m.55 views

FreeBSD : asterisk -- multiple vulnerabilities (933654ce-17b8-11e8-90b8-001999f8d30b)

The Asterisk project reports : AST-2018-004 - When processing a SUBSCRIBE request the respjsippubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Acce...

7.5CVSS6.7AI score0.58284EPSS
Exploits10References5
OSV
OSV
added 2018/02/22 12:29 a.m.22 views

CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

7.5CVSS7.4AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/02/22 12:29 a.m.28 views

CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

7.5CVSS7.1AI score0.58284EPSS
Exploits5References2
Prion
Prion
added 2018/02/22 12:29 a.m.24 views

Buffer overflow

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

5CVSS7.5AI score0.58284EPSS
Exploits5References5Affected Software3
OSV
OSV
added 2018/02/22 12:29 a.m.3 views

UBUNTU-CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

7.5CVSS7.2AI score0.58284EPSS
Exploits5References3
Cvelist
Cvelist
added 2018/02/22 12:0 a.m.29 views

CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

7.5AI score0.58284EPSS
Exploits5References5
CVE
CVE
added 2018/02/22 12:0 a.m.124 views

CVE-2018-7284

CVE-2018-7284 affects Asterisk and Certified Asterisk; during SUBSCRIBE, res_pjsip_pubsub does not cap Accept headers (limit 32) and can write outside memory, causing a crash. Affected: 13.x–15.x releases (precise bounds in sources). Exploitation details exist (Exploit-DB), with vendor advisories...

7.5CVSS7.4AI score0.58284EPSS
Exploits5References5Affected Software1
Debian CVE
Debian CVE
added 2018/02/22 12:0 a.m.28 views

CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...

7.5CVSS7.3AI score0.58284EPSS
Exploits5
Rows per page
Query Builder