Lucene search
K

167 matches found

Amazon
Amazon
added 2020/10/27 12:0 a.m.31 views

Medium: bash

Issue Overview: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell. CVE-2019-9924 Affected Packages: bash Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

7.8CVSS7.8AI score0.00415EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/10/27 12:0 a.m.29 views

Eclipse Jetty Privilege Escalation Vulnerability - Linux

Eclipse Jetty is prone to a privilege escalation vulnerability through a local temp directory. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7CVSS7.4AI score0.043EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/08/26 12:0 a.m.6 views

Discourse < 2.6.0.beta2 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

7.3AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2020/03/03 3:32 p.m.4 views

com.hotels.styx:styx-api-testsupport (>=0.0.1.beta6 <=v0.0.5), com.hotels.styx:styx-backend-provider (>=0.0.1.beta6 <=v0.0.5) +11 more potentially affected by CVE-2020-6858 via com.hotels.styx:styx-api (>=styx-1.0.0.beta2 <=0.7.9)

com.hotels.styx:styx-api MAVEN version =styx-1.0.0.beta2, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =v0.0.5 Source cves: CVE-2020-6858 Source advisory:...

6.5CVSS6.5AI score0.01162EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2020/01/16 4:2 p.m.8 views

bootstrap: XSS in the data-target attribute

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...

6.1CVSS6.6AI score0.04293EPSS
Exploits2References4
CNVD
CNVD
added 2019/12/19 12:0 a.m.3 views

ISC Kea DHCP Input Validation Error Vulnerability

ISC Kea DHCP is an open source DHCP Dynamic Host Configuration Protocol server from ISC. An input validation error vulnerability exists in ISC Kea DHCP versions 1.4.0 through 1.5.0, 1.6.0-beta1 and 1.6.0-beta2. The vulnerability arises from the network system or product not properly validating...

6.5CVSS7AI score0.00712EPSS
Exploits0References1
NVD
NVD
added 2019/10/16 6:15 p.m.12 views

CVE-2019-6474

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

6.5CVSS5.8AI score0.00712EPSS
Exploits0References1
NVD
NVD
added 2019/10/16 6:15 p.m.16 views

CVE-2019-6472

A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

6.5CVSS6.3AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2019/10/16 6:15 p.m.2 views

DEBIAN-CVE-2019-6472

A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

6.5CVSS6.9AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2019/10/16 6:15 p.m.5 views

ALPINE-CVE-2019-6473

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

6.5CVSS7AI score0.00797EPSS
Exploits0References1
Prion
Prion
added 2019/10/16 6:15 p.m.15 views

Design/Logic Flaw

A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

3.3CVSS6.3AI score0.00796EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2019/10/16 5:22 p.m.23 views

CVE-2019-6474

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

6.5CVSS6.3AI score0.00712EPSS
Exploits0
CVE
CVE
added 2019/10/16 5:22 p.m.94 views

CVE-2019-6473

CVE-2019-6473 affects the Kea DHCPv4 server (kea-dhcp4). The root cause is an invalid hostname option that triggers an assertion failure, causing the server process to exit. Affected versions are 1.4.0–1.5.0 and 1.6.0-beta1/beta2. Multiple connected advisories summarize this as a remote issue tha...

6.5CVSS6.2AI score0.00797EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2019/10/16 5:22 p.m.41 views

CVE-2019-6474

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

6.5CVSS5.9AI score0.00712EPSS
Exploits0
Symantec
Symantec
added 2019/08/28 12:0 a.m.30 views

ISC Kea CVE-2019-6472 Denial of Service Vulnerability

Description ISC Kea is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Kea 1.4.0 through 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 are vulnerable. Technologies Affected ISC Kea 1.4.0 ISC Kea 1.5.0 ISC Kea 1.6.0-beta1 ISC Kea...

1.1AI score0.00796EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/08/28 12:0 a.m.4 views

UBUNTU-CVE-2019-6473

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

6.5CVSS6.6AI score0.00797EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2019/07/17 12:0 a.m.1025 views

Discourse < 2.4.0.beta2 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities including XSS and SQL injection flaws. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.7AI score0.01044EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/05/29 12:0 a.m.25 views

EulerOS 2.0 SP3 : bash (EulerOS-SA-2019-1564)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the...

7.8CVSS7.2AI score0.00415EPSS
Exploits0References2
Prion
Prion
added 2019/03/22 8:29 a.m.21 views

Design/Logic Flaw

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...

7.2CVSS7.7AI score0.00415EPSS
Exploits0References7Affected Software4
UbuntuCve
UbuntuCve
added 2019/03/22 12:0 a.m.48 views

CVE-2019-9924

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...

7.8CVSS6.9AI score0.00415EPSS
Exploits0References5
Rows per page
Query Builder