Lucene search
K

13 matches found

OSV
OSV
added 2023/10/15 7:15 p.m.3 views

DEBIAN-CVE-2018-25091

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...

6.1CVSS7.4AI score0.00512EPSS
Exploits0References1
OSV
OSV
added 2019/09/05 1:15 p.m.0 views

DEBIAN-CVE-2018-21010

OpenJPEG before 2.3.1 has a heap buffer overflow in colorapplyiccprofile in bin/common/color.c...

8.8CVSS7.5AI score0.02091EPSS
Exploits0References1
OSV
OSV
added 2019/03/15 6:29 p.m.2 views

DEBIAN-CVE-2018-20177

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdpinunistr and results in memory corruption and possibly even a remote code execution...

9.8CVSS8.2AI score0.07934EPSS
Exploits1References1
OSV
OSV
added 2019/02/05 9:29 p.m.2 views

DEBIAN-CVE-2018-18505

An earlier fix for an Inter-process Communication IPC vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the...

10CVSS8.6AI score0.04538EPSS
Exploits0References1
OSV
OSV
added 2018/12/28 4:29 p.m.1 views

DEBIAN-CVE-2018-20532

There is a NULL pointer dereference at ext/testcase.c function testcaseread in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service...

6.5CVSS9.3AI score0.02146EPSS
Exploits1References1
OSV
OSV
added 2018/10/18 6:29 a.m.2 views

DEBIAN-CVE-2018-18456

The function Object::isName in Object.h called from Gfx::opSetFillColorN in Xpdf 4.00 allows remote attackers to cause a denial of service stack-based buffer over-read via a crafted pdf file, as demonstrated by pdftoppm...

5.5CVSS6.9AI score0.00966EPSS
Exploits0References1
OSV
OSV
added 2018/10/09 10:29 p.m.1 views

DEBIAN-CVE-2018-17962

Qemu has a Buffer Overflow in pcnetreceive in hw/net/pcnet.c because an incorrect integer data type is used...

7.5CVSS7AI score0.04503EPSS
Exploits1References1
OSV
OSV
added 2018/10/07 6:29 a.m.3 views

DEBIAN-CVE-2018-18021

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVMSETONREG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control with full register control. An attacker ca...

7.1CVSS7.4AI score0.0057EPSS
Exploits0References1
OSV
OSV
added 2018/09/24 2:29 p.m.2 views

DEBIAN-CVE-2018-17433

A heap-based buffer overflow in ReadGifImageDesc in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file...

6.5CVSS7.3AI score0.01272EPSS
Exploits1References1
OSV
OSV
added 2018/07/23 3:29 p.m.3 views

DEBIAN-CVE-2018-1999011

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asfo format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be...

8.8CVSS7.3AI score0.04244EPSS
Exploits0References1
OSV
OSV
added 2018/06/26 4:29 p.m.3 views

DEBIAN-CVE-2018-1000544

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...

9.8CVSS7.1AI score0.04499EPSS
Exploits1References1
OSV
OSV
added 2018/05/22 4:29 a.m.3 views

DEBIAN-CVE-2018-11364

savparsemachineintegerinforecord in spss/readstatsavread.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconvopen call...

7.5CVSS7.4AI score0.01162EPSS
Exploits1References1
OSV
OSV
added 2018/03/13 3:29 p.m.3 views

DEBIAN-CVE-2018-1000071

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity...

7.5CVSS6.8AI score0.0171EPSS
Exploits1References1
Rows per page
Query Builder