Lucene search

469 matches found

OSV
added 2019/07/19 4:12 p.m. | 42 views

GHSA-5WV5-4VPF-PJ6M Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...

CVSS 8.7 | AI score 7.4 | EPSS 0.01884
Exploits 1 | References 5
GitLab Advisory Database
added 2019/07/19 12:00 a.m. | 38 views

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...

CVSS 7.5 | AI score 7.4 | EPSS 0.03855
Exploits 1 | References 5 | Affected Software 1
NVD
added 2019/07/17 2:15 p.m. | 24 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

CVSS 7.5 | AI score 7.5 | EPSS 0.01884
Exploits 1 | References 1
OSV
added 2019/07/17 2:15 p.m. | 32 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

CVSS 7.5 | AI score 7.5
Exploits 0 | References 1
UbuntuCve
added 2019/07/17 2:15 p.m. | 41 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

CVSS 7.5 | AI score 6.7 | EPSS 0.01884
Exploits 1 | References 2
OSV
added 2019/07/17 2:15 p.m. | 2 views

UBUNTU-CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

CVSS 7.5 | AI score 7.1 | EPSS 0.01884
Exploits 1 | References 3
OSV
added 2019/07/17 2:15 p.m. | 62 views

PYSEC-2019-179

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

CVSS 7.5 | AI score 5.9 | EPSS 0.01884
Exploits 1 | References 2
CVE
added 2019/07/17 1:59 p.m. | 114 views

CVE-2019-1010083

CVE-2019-1010083 affects the Pallets Project Flask before 1.0, where crafted encoded JSON data can cause unexpected memory usage leading to denial of service. The fix is upgrading to Flask 1.0 (or later). This entry may overlap with CVE-2018-1000656 per multiple sources.

CVSS 7.5 | AI score 7.3 | EPSS 0.01884
Exploits 1 | References 1 | Affected Software 1
Debian CVE
added 2019/07/17 1:59 p.m. | 32 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

CVSS 7.5 | AI score 7.7 | EPSS 0.01884
Exploits 1
Cvelist
added 2019/07/17 1:59 p.m. | 32 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

AI score 7.4 | EPSS 0.01884
Exploits 1 | References 1
Fedora
added 2019/06/14 12:55 a.m. | 19 views

[SECURITY] Fedora 30 Update: js-jquery-jstree-3.3.8-1.fc30

jsTree is a jQuery plugin that provides interactive trees. It is absolutely free, open source and distributed under the MIT license. jsTree is easily extendable, themable and configurable; it supports HTML & JSON data sources, AJAX & async callback loading. jsTree functions properly in either...

AI score 0.3
Exploits 0
pentestit
added 2019/06/10 6:03 a.m. | 666 views

UPDATE: OWASP Dependency-Check 5.0.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

CVSS 6.5 | AI score 0.5 | EPSS 0.79176
Exploits 1
NVD
added 2019/06/07 4:29 p.m. | 24 views

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

CVSS 6.1 | AI score 7.2 | EPSS 0.00821
Exploits 1 | References 1
Prion
added 2019/06/07 4:29 p.m. | 17 views

Cross site scripting

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

CVSS 4.3 | AI score 7 | EPSS 0.00821
Exploits 1 | References 1 | Affected Software 4
Cvelist
added 2019/06/07 3:06 p.m. | 44 views

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

AI score 6.4 | EPSS 0.00821
Exploits 1 | References 1
NVD
added 2019/04/25 9:29 p.m. | 20 views

CVE-2019-11489

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...

CVSS 9 | AI score 8.5 | EPSS 0.02563
Exploits 1 | References 2
Prion
added 2019/04/25 9:29 p.m. | 17 views

Improper access control

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...

CVSS 9 | AI score 8.4 | EPSS 0.02563
Exploits 1 | References 2 | Affected Software 1
CVE
added 2019/04/25 8:02 p.m. | 49 views

CVE-2019-11489

CVE-2019-11489 affects SimplyBook.me Enterprise (older releases) where the Administrative Management Interface enforces incorrect access control. Affected: authenticated low-privilege users; vulnerability allows elevation to full admin rights via a crafted HTTP PUT to a /v2/rest/ endpoint with mo...

CVSS 9 | AI score 8.3 | EPSS 0.02563
Exploits 1 | References 2 | Affected Software 1
OSV
added 2019/04/18 5:29 p.m. | 3 views

CVE-2019-11319

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value...

CVSS 9.8 | AI score 7.8 | EPSS 0.03905
Exploits 1 | References 1
Prion
added 2019/04/01 8:29 p.m. | 18 views

Code injection

pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data...

CVSS 5 | AI score 7.5 | EPSS 0.19396
Exploits 4 | References 2 | Affected Software 1