120 matches found

Veracode
added 2020/04/10 12:53 a.m., 32 views

Cross-site Scripting (XSS)

PHP is vulnerable to cross-site scripting (XSS). A numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escape...

CVSS: 6.8, AI score: 1.1, EPSS: 0.11281
Exploits: 1, References: 38, Affected Software: 1
Veracode
added 2020/04/10 12:42 a.m., 27 views

Cross-Site Scripting (XSS)

PHP is vulnerable to cross-site scripting (XSS). It was discovered that PHP's htmlspecialchars function did not properly recognize partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use this flaw to perform a cross-site...

CVSS: 4.3, AI score: 1.4, EPSS: 0.06497
Exploits: 2, References: 17, Affected Software: 1
Veracode
added 2020/04/10 12:22 a.m., 38 views

Arbitrary Command Execution

PHP is vulnerable to arbitrary command execution. It was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions...

CVSS: 10, AI score: 2.7, EPSS: 0.03102
Exploits: 0, References: 46, Affected Software: 14
RedhatCVE
added 2020/04/04 5:27 p.m., 51 views

CVE-2019-13224

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 9.8, AI score: 5.5, EPSS: 0.04047
Exploits: 0, References: 3
Mageia
added 2020/01/11 11:52 p.m., 82 views

Updated oniguruma packages fix security vulnerabilities

Updated oniguruma packages fix security vulnerabilities: A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a...

CVSS: 9.8, AI score: 4.8, EPSS: 0.10539
Exploits: 6, References: 6
Tenable Nessus
added 2019/11/01 12:0 a.m., 44 views

FreeBSD : samba -- multiple vulnerabilities (50a1bbc9-fb80-11e9-9e70-005056a311d1)

The samba project reports : Malicious servers can cause Samba client code to return filenames containing path separators to calling code. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full password string. Users with the 'get changes'...

CVSS: 6.5, AI score: 6.1, EPSS: 0.03515
Exploits: 1, References: 7
Samba
added 2019/10/29 12:0 a.m., 45 views

Samba AD DC check password script does not receive

Description: Since Samba Version 4.5.0 a Samba AD DC can use a custom command to verify the password complexity. The command can be specified with the "check password script" smb.conf parameter. This command is called when Samba handles a user password change or a new user password is set. The...

CVSS: 5.4, AI score: 5.8, EPSS: 0.02084
Exploits: 0
Tenable Nessus
added 2019/10/04 12:0 a.m., 58 views

Amazon Linux AMI : oniguruma (ALAS-2019-1295)

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 9.8, AI score: 8.1, EPSS: 0.04047
Exploits: 0, References: 3
Tenable Nessus
added 2019/09/30 12:0 a.m., 47 views

EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2019-2086)

According to the versions of the oniguruma package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of...

CVSS: 9.8, AI score: 8.1, EPSS: 0.06261
Exploits: 1, References: 4
FreeBSD
added 2019/09/29 12:0 a.m., 61 views

samba -- multiple vulnerabilities

The samba project reports: Malicious servers can cause Samba client code to return filenames containing path separators to calling code. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full password string. Users with the "get changes"...

CVSS: 6.5, AI score: 1.6, EPSS: 0.03515
Exploits: 1, References: 3
Tenable Nessus
added 2019/09/20 12:0 a.m., 45 views

Amazon Linux 2 : oniguruma (ALAS-2019-1288)

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 9.8, AI score: 8.1, EPSS: 0.04047
Exploits: 0, References: 3
OpenVAS
added 2019/07/18 12:0 a.m., 34 views

Debian: Security Advisory (DLA-1854-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8, AI score: 9.8, EPSS: 0.04047
Exploits: 0, References: 3
Debian
added 2019/07/17 3:25 p.m., 214 views

[SECURITY] [DLA 1854-1] libonig security update

Package: libonig; Version: 5.9.5-3.2+deb8u2; CVE ID: CVE-2019-13224; Debian Bug: 931878. A use-after-free in onig_new_deluxe in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacke...

CVSS: 9.8, AI score: 9.9, EPSS: 0.04047
Exploits: 0
NVD
added 2019/07/10 2:15 p.m., 27 views

CVE-2019-13224

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 9.8, AI score: 9.8, EPSS: 0.04047
Exploits: 0, References: 8
OSV
added 2019/07/10 2:15 p.m., 2 views

DEBIAN-CVE-2019-13224

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 9.8, AI score: 7.8, EPSS: 0.04047
Exploits: 0, References: 1
Prion
added 2019/07/10 2:15 p.m., 38 views

Design/Logic Flaw

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 7.5, AI score: 9.7, EPSS: 0.04047
Exploits: 0, References: 8, Affected Software: 5
CVE
added 2019/07/10 1:50 p.m., 507 views

CVE-2019-13224

Summary (CVE-2019-13224) Oniguruma 6.9.2 contains a use-after-free in onig_new_deluxe() within regext.c that can allow information disclosure, denial of service, or potentially code execution when presented with a crafted regular expression that combines a multi-byte encoded pattern and string. S...

CVSS: 9.8, AI score: 9.9, EPSS: 0.04047
Exploits: 0, References: 8, Affected Software: 1
AlpineLinux
added 2019/07/10 1:50 p.m., 52 views

CVE-2019-13224

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 9.8, AI score: 10, EPSS: 0.04047
Exploits: 0
Cvelist
added 2019/07/10 1:50 p.m., 33 views

CVE-2019-13224

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

AI score: 10, EPSS: 0.04047
Exploits: 0, References: 8
Debian CVE
added 2019/07/10 1:50 p.m., 47 views

CVE-2019-13224

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 9.8, AI score: 7.5, EPSS: 0.04047
Exploits: 0