
9165 matches found

OSV
added 2019/09/08 2:9 p.m. | 14 views

MGASA-2019-0260 Updated tomcat packages fix security vulnerabilities

Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...

CVSS 7.5 | AI score 6.4 | EPSS 0.72988
Exploits 3 | References 6

OPENSUSE Linux
added 2019/09/07 12:0 a.m. | 233 views

Security update for go1.12 (moderate)

openSUSE Security Update: Security update for go1.12 Announcement ID: openSUSE-SU-2019:2085-1 Rating: moderate References: 1139210 1141689 1146111 1146115 1146123 Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 Affected Products: openSUSE Leap 15.1 An update that solves three...

CVSS 9.8 | AI score 8.7 | EPSS 0.83433
Exploits 2 | References 5

Tenable Nessus
added 2019/09/06 12:0 a.m. | 59 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

This update for nginx fixes the following issues: Security issues fixed: CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579). CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580). CVE-2019-9516: Fixed a denial of...

CVSS 8.2 | AI score 7.1 | EPSS 0.82017
Exploits 1 | References 19

OSV
added 2019/09/04 8:15 p.m. | 34 views

CVE-2019-12586

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message...

CVSS 6.5 | AI score 6.7
Exploits 0 | References 3

Prion
added 2019/09/04 8:15 p.m. | 26 views

Design/Logic Flaw

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message...

CVSS 3.3 | AI score 6.3 | EPSS 0.0135
Exploits 2 | References 3 | Affected Software 3

Cvelist
added 2019/09/04 8:0 p.m. | 29 views

CVE-2019-12586

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message...

AI score 6.3 | EPSS 0.0135
Exploits 2 | References 3

OSV
added 2019/09/04 12:15 p.m. | 32 views

CVE-2019-12587

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...

CVSS 8.1 | AI score 6.9 | EPSS 0.00804
Exploits 2 | References 3

OSV
added 2019/09/04 12:15 p.m. | 26 views

CVE-2019-12588

The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted...

CVSS 6.5 | AI score 6.7
Exploits 0 | References 3

Cvelist
added 2019/09/04 11:31 a.m. | 24 views

CVE-2019-12587

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...

AI score 8.1 | EPSS 0.00804
Exploits 2 | References 3

Tenable Nessus
added 2019/09/03 12:0 a.m. | 50 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (AWS) vulnerabilities (USN-4118-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4118-1 advisory. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could...

CVSS 10 | AI score 8.1 | EPSS 0.52199
Exploits 50 | References 62

UbuntuCve
added 2019/09/02 11:15 p.m. | 26 views

CVE-2019-15847

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

CVSS 7.5 | AI score 7 | EPSS 0.03207
Exploits 0 | References 3

Ubuntu
added 2019/09/02 9:34 p.m. | 193 views

USN-4118-1: Linux kernel (AWS) vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...

CVSS 10 | AI score 7.7 | EPSS 0.52199
Exploits 50

Ubuntu
added 2019/09/02 9:30 p.m. | 188 views

USN-4117-1: Linux kernel (AWS) vulnerabilities

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Amit Klein and Benny Pinkas discovered that the Linux kerne...

CVSS 9.8 | AI score 7.6 | EPSS 0.52199
Exploits 23

Tenable Nessus
added 2019/09/02 12:0 a.m. | 19 views

Cisco NX-OS Software Arbitrary File Overwrite Vulnerability

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software. An authenticated, local attacker can exploit the vulnerability to overwrite any file on the file system...

CVSS 6.7 | AI score 6.5 | EPSS 0.00227
Exploits 0 | References 4

CNVD
added 2019/08/29 12:0 a.m. | 3 views

Tableau Code Issues Vulnerabilities

Tableau is data analysis software that is very easy to get started with: data is imported through a simple point and click, and reports are generated by mouse drag and drop. There is a code issue vulnerability in Tableau. The vulnerability arises from a design or implementation problem in the code developme...

CVSS 5.5 | AI score 7.1 | EPSS 0.00285
Exploits 1 | References 1

NVD
added 2019/08/27 6:15 p.m. | 15 views

CVE-2019-15702

In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option...

CVSS 7.5 | AI score 7.6 | EPSS 0.01443
Exploits 1 | References 1

OSV
added 2019/08/27 5:41 p.m. | 1 views

GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

CVSS 5.5 | AI score 5.9 | EPSS 0.00776
Exploits 0 | References 15

CVE
added 2019/08/27 5:35 p.m. | 114 views

CVE-2019-15702

CVE-2019-15702 affects RIOT OS GNRC TCP: the TCP options parser (gnrc_tcp_option.c) does not terminate on all inputs, causing an infinite loop for an unknown zero-length option and leading to denial-of-service in RIOT implementations up to 2019.07. The issue is a logic error in parsing TCP option...

CVSS 7.5 | AI score 7.5 | EPSS 0.01443
Exploits 1 | References 1 | Affected Software 1

CNVD
added 2019/08/27 12:0 a.m. | 3 views

Webmin Code Issue Vulnerability

Webmin is a set of Web-based system management tools for Unix-like operating systems. Webmin is vulnerable to a code issue. The vulnerability arises from an improper design or implementation during code development of a Web system or product. No details of the vulnerability are available at this...

CVSS 6.8 | AI score 7.1 | EPSS 0.01452
Exploits 1 | References 1

UbuntuCve
added 2019/08/26 3:15 p.m. | 14 views

CVE-2018-20991

An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free...

CVSS 9.8 | AI score 7.2 | EPSS 0.01798
Exploits 0 | References 2