CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

979 matches found

Prion•added 2019/10/01 4:15 p.m.•15 views

Null pointer dereference

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor...

4.3CVSS5.4AI score0.00368EPSS

Exploits1References4Affected Software1

CVE•added 2019/10/01 3:22 p.m.•99 views

CVE-2019-17064

The CVE-2019-17064 issue is a NULL pointer dereference in Catalog.cc of Xpdf 4.02 caused by late initialization of Catalog.pageLabels. Updates have been released (e.g., Fedora 2019-b890d4aad2; Mageia MGASA-2019-0422) to apply the upstream fix. Affected products are Xpdf 4.02; no exploitation deta...

5.5CVSS5.2AI score0.00368EPSS

Exploits1References4Affected Software1

RedHat Linux•added 2019/09/04 7:18 a.m.•3 views

jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin

A flaw was found in Jenkins Script Security plugin. Sandbox protection could be circumvented by casting crafted objects to other types allowing an attacker to specify sandboxed scripts to invoke constructors that weren't previously whitelisted. The highest threat from this vulnerability is to dat...

8.8CVSS5.7AI score0.00041EPSS

Exploits0References5

Node.js•added 2019/08/29 5:53 p.m.•14 views

Command Injection

Overview All versions of marsdb are vulnerable to Command Injection. In the DocumentMatcher class, selectors on $where clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed. Recommendation No fix is...

7.1AI score

Exploits0Affected Software1

NVD•added 2019/08/26 3:15 p.m.•10 views

CVE-2018-21000

An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption...

9.8CVSS9.5AI score0.00425EPSS

Exploits0References2

Prion•added 2019/08/26 3:15 p.m.•15 views

Memory corruption

An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption...

7.5CVSS9.4AI score0.00425EPSS

Exploits0References2Affected Software1

OSV•added 2019/08/26 3:15 p.m.•3 views

UBUNTU-CVE-2018-21000

An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption...

9.8CVSS7.3AI score0.00425EPSS

Exploits0References4

Cvelist•added 2019/08/26 2:29 p.m.•12 views

CVE-2018-21000

An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption...

9.5AI score0.00425EPSS

Exploits0References2

OSV•added 2019/08/23 5:15 p.m.•1 views

DEBIAN-CVE-2019-10747

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...

9.8CVSS8.1AI score0.00493EPSS

Exploits1References1

NVD•added 2019/08/23 5:15 p.m.•15 views

CVE-2019-10746

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.8CVSS9.3AI score0.00734EPSS

Exploits1References4

OSV•added 2019/08/23 5:15 p.m.•1 views

DEBIAN-CVE-2019-10746

9.8CVSS8.3AI score0.00734EPSS

Exploits1References1

NVD•added 2019/08/23 5:15 p.m.•16 views

CVE-2019-10747

9.8CVSS8.2AI score0.00493EPSS

Exploits1References4

Prion•added 2019/08/23 5:15 p.m.•29 views

Code injection