Lucene search
K

9164 matches found

Veracode
Veracode
added 2019/05/02 5:12 a.m.41 views

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...

6.8CVSS4.7AI score0.04102EPSS
Exploits0References34Affected Software3
Veracode
Veracode
added 2019/05/02 5:3 a.m.8 views

Denial Of Service (DoS)

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. A race condition was found in the way N...

10CVSS7.7AI score0.06381EPSS
Exploits5References40Affected Software3
Veracode
Veracode
added 2019/05/02 5:3 a.m.33 views

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...

7.8CVSS6.6AI score0.37233EPSS
Exploits24References36Affected Software1
Veracode
Veracode
added 2019/05/02 4:59 a.m.36 views

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload UFO feature was enabled. A remot...

6.2CVSS6.9AI score0.03181EPSS
Exploits8References40Affected Software1
Veracode
Veracode
added 2019/05/02 4:59 a.m.41 views

Sensitive Information Disclosure

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload UFO feature was enabled. A remot...

6.2CVSS6.9AI score0.03181EPSS
Exploits8References36Affected Software1
Veracode
Veracode
added 2019/05/02 4:56 a.m.42 views

Heap-based Out-Of-Bounds Write

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

7.1CVSS6.9AI score0.09408EPSS
Exploits6References20Affected Software2
Veracode
Veracode
added 2019/05/02 4:56 a.m.24 views

Arbitrary Code Execution

java is vulnerable to arbitrary code execution. The vulnerability exists through as an incorrect exception is thrown in the SNMP implementation, allowing sandbox escape...

7.5CVSS5.9AI score0.04234EPSS
Exploits0References31Affected Software3
Veracode
Veracode
added 2019/05/02 4:43 a.m.33 views

Bypass Policy

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

9.3CVSS9.8AI score0.42609EPSS
Exploits5References23Affected Software3
Prion
Prion
added 2019/04/26 10:29 p.m.16 views

Null pointer dereference

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

4.3CVSS5.7AI score0.03252EPSS
Exploits0References15Affected Software2
UbuntuCve
UbuntuCve
added 2019/04/26 12:0 a.m.26 views

CVE-2019-11555

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

5.9CVSS6.8AI score0.03252EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2019/04/20 1:29 p.m.22 views

CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this...

9.8CVSS7.6AI score0.04288EPSS
Exploits1References5
OSV
OSV
added 2019/04/17 2:29 p.m.23 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

8.1CVSS7.9AI score
Exploits0References9
NVD
NVD
added 2019/04/17 2:29 p.m.30 views

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

5.9CVSS5.8AI score0.03739EPSS
Exploits0References9
OSV
OSV
added 2019/04/17 2:29 p.m.23 views

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

5.9CVSS5.8AI score
Exploits0References9
Prion
Prion
added 2019/04/17 2:29 p.m.35 views

Design/Logic Flaw

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

4.3CVSS5.5AI score0.03739EPSS
Exploits0References9Affected Software8
AlpineLinux
AlpineLinux
added 2019/04/17 1:31 p.m.36 views

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

5.9CVSS6.5AI score0.03739EPSS
Exploits0
Debian CVE
Debian CVE
added 2019/04/17 1:31 p.m.29 views

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

5.9CVSS6.5AI score0.03739EPSS
Exploits0
Cvelist
Cvelist
added 2019/04/17 1:31 p.m.30 views

CVE-2019-9497 The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit

The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

8AI score0.05372EPSS
Exploits0References10
CNVD
CNVD
added 2019/04/16 12:0 a.m.1 views

WPA Authorization Issues Vulnerabilities

WPA is a set of Wi-Fi access protection schemes from the Wi-Fi Alliance USA, including security protocols and security authentication procedures. There is a security vulnerability in the implementation of WPA. An attacker can exploit the vulnerability to gain access to sensitive information...

8.1CVSS9.4AI score0.05372EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/04/15 12:0 a.m.63 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4612)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4612 advisory. - can: gw: ensure DLC boundaries after CAN frame modification Oliver Hartkopp Orabug: 29215297 CVE-2019-3701 CVE-2019-3701 - exec: Fix mem leak in...

8.1CVSS6.6AI score0.16523EPSS
Exploits11References8
Rows per page
Query Builder