Lucene search
K

9165 matches found

CVE
CVE
added 2019/01/16 8:0 p.m.111 views

CVE-2018-5737

CVE-2018-5737 concerns ISC BIND 9.12.x. The issue arises from the implementation of the new serve-stale feature, which can trigger an assertion failure in rbtdb.c even when stale-answer-enable is off. Additionally, interaction between serve-stale and NSEC aggressive negative caching can, in some ...

7.5CVSS6.3AI score0.10355EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2019/01/15 10:29 p.m.24 views

CVE-2019-3557

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as streamgetline, to trigger an out-of-bounds read when operating on such malformed streams. The implementations wer...

9.8CVSS9.5AI score0.01711EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/01/15 10:0 p.m.28 views

CVE-2019-3557

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as streamgetline, to trigger an out-of-bounds read when operating on such malformed streams. The implementations wer...

9.4AI score0.01711EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2019/01/15 12:32 p.m.252 views

36-Year-Old SCP Clients' Implementation Flaws Discovered

A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol SCP implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol SCP, also known as...

6.8CVSS0.58204EPSS
Exploits10
Veracode
Veracode
added 2019/01/15 9:21 a.m.29 views

Improper Encryption Implementation

erlang has an improper encryption implementation. The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key this is a variation of the Bleichenbacher...

5.9CVSS5.8AI score0.22098EPSS
Exploits0References14Affected Software8
Veracode
Veracode
added 2019/01/15 9:16 a.m.36 views

Timing Attack

tomcat-catalina is vulnerable to timing attacks. When the supplied username does not exist, the Realm implementation will not process the supplied password, making a timing attack possible to determine valid usernames. Note that the default configuration includes the LockOutRealm which makes...

5.9CVSS7.2AI score0.07991EPSS
Exploits0References39Affected Software6
Veracode
Veracode
added 2019/01/15 8:56 a.m.28 views

Authorization Bypass

kernel-rt is vulnerable to authorization bypass attacks. The vulnerability exists as the Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access...

2.1CVSS7AI score0.00534EPSS
Exploits1References14Affected Software2
Veracode
Veracode
added 2019/01/15 8:54 a.m.20 views

Information Disclosure

icedtea-web is vulnerable to information disclosure attacks. The vulnerability exists as the LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary...

2.1CVSS5.2AI score0.00482EPSS
Exploits1References9Affected Software1
Veracode
Veracode
added 2019/01/15 8:51 a.m.33 views

Authorization Bypass

qemu-kvm is vulnerable to authorization bypass attacks. The vulnerability exists through a buffer overflow in the SCSI implementation in QEMU, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command...

7.2CVSS6.7AI score0.00434EPSS
Exploits0References93Affected Software2
Veracode
Veracode
added 2019/01/15 8:50 a.m.40 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists as the epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service through a crafted application...

4.9CVSS5.4AI score0.00795EPSS
Exploits1References20Affected Software2
NVD
NVD
added 2019/01/11 6:29 p.m.17 views

CVE-2017-2411

In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates...

5.9CVSS5.5AI score0.00746EPSS
Exploits0References1
CNVD
CNVD
added 2019/01/11 12:0 a.m.2 views

CloudBees Jenkins and LTS Information Disclosure Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor continuous software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins a long-ter...

7.8CVSS6.8AI score0.00433EPSS
Exploits0References1
NVD
NVD
added 2019/01/10 9:29 p.m.13 views

CVE-2018-20684

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...

7.5CVSS7.5AI score0.02525EPSS
Exploits0References6
Prion
Prion
added 2019/01/10 9:29 p.m.15 views

Input validation

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...

6.4CVSS7.6AI score0.02525EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2019/01/07 6:0 p.m.27 views

CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

6.8AI score0.00774EPSS
Exploits1References32
Prion
Prion
added 2019/01/07 5:29 p.m.31 views

Design/Logic Flaw

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

2.1CVSS6AI score0.00774EPSS
Exploits1References32Affected Software1
ThreatPost
ThreatPost
added 2019/01/02 3:42 p.m.21 views

Chrome in Android Leaks Device Fingerprinting Info

Google has issued a partial fix for an Android issue dating back to 2015 – after originally rejecting the bug report on the grounds of the mobile OS “working as intended.” The issue – which still doesn’t have a CVE designation despite being partially addressed as a problem – has to do with how...

7AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.47 views

SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2018:1991-1)

This update for glibc fixes the following security issues : - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the...

9.8CVSS7.8AI score0.074EPSS
Exploits3References12
Yubico
Yubico
added 2019/01/01 12:0 a.m.65 views

Security advisory YSA-2019-01 | Yubico

Yubico library libu2f-host prior to version 1.1.7 contains an unchecked buffer, which could allow a buffer overflow. Libu2f-host is a library that implements the host party of the U2F protocol. This issue can allow an attacker with a custom made malicious USB device masquerading as a security key...

6.8CVSS7.2AI score0.00499EPSS
Exploits0
Prion
Prion
added 2018/12/26 6:29 p.m.14 views

Information disclosure

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation...

4.3CVSS5.9AI score0.05273EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder