Lucene search
K

145 matches found

OSV
OSV
added 2018/03/20 5:29 p.m.5 views

CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS5.8AI score0.02863EPSS
Exploits0References1
OSV
OSV
added 2018/03/20 5:29 p.m.4 views

UBUNTU-CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS5.8AI score0.02863EPSS
Exploits0References3
Prion
Prion
added 2018/03/20 5:29 p.m.19 views

Input validation

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

5CVSS7.3AI score0.02863EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/03/20 5:29 p.m.22 views

CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS7.4AI score0.02863EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/03/20 5:29 p.m.34 views

CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS7AI score0.02863EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/03/20 5:0 p.m.65 views

CVE-2018-1294

If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...

7.5CVSS7.4AI score0.02863EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/09 9:26 p.m.18 views

Daniel Miessler on My Writings about IoT Security

Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything i...

6.8AI score
Exploits0
OSV
OSV
added 2017/02/26 11:59 p.m.4 views

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...

8.1CVSS6.1AI score0.80386EPSS
Exploits9References10
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.5 views

php: HTTP response splitting in header() function

The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...

6.1CVSS7.2AI score0.02959EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.24 views

HTTP header injection using line breaks

More info at https://www.drupal.org/SA-CORE-2016-001...

5.9CVSS7.2AI score0.01179EPSS
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2015/11/05 12:0 a.m.13 views

PHPmailer -- SMTP injection vulnerability

PHPMailer changelog reports: Fix vulnerability that allowed email addresses with line breaks valid in RFC5322 to pass to SMTP, permitting message injection at the SMTP level. Mitigated in both the address validator and in the lower-level SMTP class. Thanks to Takeshi Terada...

1.6AI score
Exploits0References1
Prion
Prion
added 2015/10/09 2:59 p.m.16 views

Privilege escalation

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...

6.8CVSS7.3AI score0.02127EPSS
Exploits0References9Affected Software7
RedHat Linux
RedHat Linux
added 2015/06/04 8:2 a.m.3 views

php: HTTP response splitting in header() function

The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...

6.1CVSS7.2AI score0.02959EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/01/17 12:0 a.m.25 views

CentOS 5 : conga (CESA-2013:0128)

Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...

3.7CVSS5.6AI score0.0034EPSS
Exploits0References4
PostrgeSql
PostrgeSql
added 2012/07/18 11:0 p.m.611 views

Vulnerability in core server (CVE-2012-0868)

Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pgdump file...

6.8CVSS7AI score0.0257EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2012/03/07 12:0 a.m.30 views

Mandriva Update for postgresql MDVSA-2012:026 (postgresql)

Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVSA-2012:026 postgresql Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

6.8CVSS0.03625EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2012/03/07 12:0 a.m.24 views

Mandriva Update for postgresql8.3 MDVSA-2012:027 (postgresql8.3)

Check for the Version of postgresql8.3 OpenVAS Vulnerability Test Mandriva Update for postgresql8.3 MDVSA-2012:027 postgresql8.3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

6.8CVSS0.03625EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2012/03/01 12:0 a.m.39 views

Mandriva Linux Security Advisory : postgresql (MDVSA-2012:026)

Multiple vulnerabilities has been discovered and corrected in postgresql : Permissions on a function called by a trigger are not properly checked CVE-2012-0866. SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third-party...

6.8CVSS7.8AI score0.03625EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/02/28 12:0 a.m.52 views

PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities

Binary data 6337.prm...

6.8CVSS7AI score0.03625EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2012/02/27 12:0 a.m.35 views

databases/postgresql*-client -- multiple vulnerabilities

The PostgreSQL Global Development Group reports: These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading ...

6.8CVSS6.9AI score0.0257EPSS
Exploits1References1
Rows per page
Query Builder