4721 matches found

CNVD
added 2019/04/08 12:0 a.m. · 2 views

Jupyter Notebook Open Redirect Vulnerability

Jupyter Notebook is an open source web application that lets you create and share documents containing live code, equations, visualizations, and narrative text. An open redirection vulnerability exists in Jupyter Notebook versions prior to 5.7.8. An attacker can exploit this vulnerability via emp...

6.1 CVSS · 6.9 AI score · 0.01264 EPSS
Exploits 1 · References 1
Prion
added 2019/04/04 4:29 p.m. · 23 views

Open redirect

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...

5.8 CVSS · 6.3 AI score · 0.01741 EPSS
Exploits 1 · References 2 · Affected Software 1
PyPA
added 2019/04/04 4:29 p.m. · 5 views

PYSEC-2019-158

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...

6.1 CVSS · 9.2 AI score · 0.01741 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2019/04/04 4:29 p.m. · 27 views

PYSEC-2019-158

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...

6.1 CVSS · 2.7 AI score · 0.01264 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2019/04/04 12:0 a.m. · 4 views

The vulnerability of the imap_mail function in the PHP programming language allows a hacker to cause a service failure.

The vulnerability of the imap_mail function in the PHP programming language is related to errors in handling empty strings in message arguments. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5 CVSS · 6.8 AI score · 0.07065 EPSS
Exploits 0 · References 4 · Affected Software 2
Positive Technologies
added 2019/04/04 12:0 a.m. · 3 views

PT-2019-12060 · Project Jupyter +2 · Jupyter Notebook +2

Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.7.8 Description: The issue is related to an open redirect that can occur due to an empty netloc. This problem exists because of an incomplete fix for a previously identified issue. Recommendations: For...

7.5 CVSS · 6 AI score · 0.01741 EPSS
Exploits 1 · References 37
Positive Technologies
added 2019/03/29 12:0 a.m. · 3 views

PT-2019-1107 · Libyang · Libyang

Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r1 Description: A double-free issue is present in the yyparse function when an empty description is used, potentially causing a crash or code execution. This issue affects applications that use libyang to parse...

10 CVSS · 7.3 AI score · 0.0279 EPSS
Exploits 7 · References 44
OSV
added 2019/03/27 6:29 p.m. · 2 views

ALPINE-CVE-2018-12551

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent...

8.1 CVSS · 7.2 AI score · 0.01475 EPSS
Exploits 1 · References 1
OSV
added 2019/03/27 6:29 p.m. · 2 views

ALPINE-CVE-2018-12550

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...

8.1 CVSS · 6.9 AI score · 0.01353 EPSS
Exploits 0 · References 1
OSV
added 2019/03/27 6:29 p.m. · 1 views

UBUNTU-CVE-2018-12550

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...

8.1 CVSS · 7.2 AI score · 0.01353 EPSS
Exploits 0 · References 4
OSV
added 2019/03/27 6:29 p.m. · 1 views

DEBIAN-CVE-2018-12550

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty...

8.1 CVSS · 7.6 AI score · 0.01353 EPSS
Exploits 0 · References 1
OSV
added 2019/03/27 6:29 p.m. · 3 views

DEBIAN-CVE-2018-12551

When Eclipse Mosquitto version 1.0 to 1.5.5 inclusive is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent...

8.1 CVSS · 7.2 AI score · 0.01475 EPSS
Exploits 1 · References 1
OSV
added 2019/03/27 1:29 p.m. · 1 views

DEBIAN-CVE-2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...

6.8 CVSS · 7.1 AI score · 0.02462 EPSS
Exploits 1 · References 1
OSV
added 2019/03/27 1:29 p.m. · 2 views

ALPINE-CVE-2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users...

6.8 CVSS · 7.1 AI score · 0.02462 EPSS
Exploits 1 · References 1
Positive Technologies
added 2019/03/27 12:0 a.m. · 4 views

PT-2019-5775 · Influxdata +3 · Influxdb +3

Name of the Vulnerable Software and Affected Versions: InfluxDB versions prior to 1.7.6 Description: The issue is related to an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go due to a JWT token having an empty SharedSecret. This allows a remote...

9.8 CVSS · 7 AI score · 0.4478 EPSS
Exploits 10 · References 62
OSV
added 2019/03/25 7:29 p.m. · 2 views

ALPINE-CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

9.1 CVSS · 7 AI score · 0.05118 EPSS
Exploits 0 · References 1
OSV
added 2019/03/25 7:29 p.m. · 0 views

DEBIAN-CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

9.1 CVSS · 7.2 AI score · 0.05118 EPSS
Exploits 0 · References 1
OSV
added 2019/03/25 7:29 p.m. · 1 views

UBUNTU-CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

9.1 CVSS · 6.9 AI score · 0.05118 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2019/03/06 12:0 a.m. · 6 views

The vulnerability of the atol8 function in the libarchive library, which allows a hacker to cause a service failure

The vulnerability of the atol8 function in archive_read_support_format_xar.c in the libarchive library is related to errors in processing empty strings, which can lead to buffer overflows. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.5 CVSS · 6.9 AI score · 0.03341 EPSS
Exploits 0 · References 3 · Affected Software 2
Veracode
added 2019/02/28 6:1 a.m. · 8 views

Data Leakage

ansible is vulnerable to data leakage. The vulnerability is possible because it does not properly handle empty strings passed to rsync_opts, which results in the revealing of the current working directory information...

6.6 AI score
Exploits 0