Lucene search
K

123 matches found

Debian CVE
Debian CVE
added 2020/02/25 4:38 p.m.24 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

10CVSS9.7AI score0.889EPSS
Exploits10
AlpineLinux
AlpineLinux
added 2020/02/25 4:38 p.m.37 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

10CVSS9.7AI score0.889EPSS
Exploits10
ATTACKERKB
ATTACKERKB
added 2020/02/25 12:0 a.m.92 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

10CVSS9.8AI score0.98946EPSS
In wildExploits37References14
NVD
NVD
added 2019/06/17 7:15 p.m.17 views

CVE-2019-8324

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...

8.8CVSS8.6AI score0.03219EPSS
Exploits0References4
OSV
OSV
added 2019/06/17 7:15 p.m.3 views

ALPINE-CVE-2019-8324

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...

8.8CVSS7.4AI score0.03219EPSS
Exploits0References1
OSV
OSV
added 2019/06/17 7:15 p.m.29 views

CVE-2019-8324

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...

8.8CVSS8.6AI score
Exploits0References4
OSV
OSV
added 2019/06/17 7:15 p.m.2 views

DEBIAN-CVE-2019-8324

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...

8.8CVSS9.3AI score0.03219EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/06/11 5:33 a.m.5 views

rubygems: Installing a malicious gem may lead to arbitrary code execution

A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.3AI score0.03219EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/05/13 9:24 a.m.3 views

rubygems: Installing a malicious gem may lead to arbitrary code execution

A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.3AI score0.03219EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/05/13 9:20 a.m.6 views

rubygems: Installing a malicious gem may lead to arbitrary code execution

A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.3AI score0.03219EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2019/04/02 12:0 a.m.81 views

Debian: Security Advisory (DLA-1735-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.4AI score0.04212EPSS
Exploits1References3
OSV
OSV
added 2019/03/27 12:0 a.m.4 views

UBUNTU-CVE-2019-8324

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...

8.8CVSS7.3AI score0.03219EPSS
Exploits0References7
CNVD
CNVD
added 2019/03/07 12:0 a.m.1 views

RubyGems Code Execution Vulnerability (CNVD-2019-12149)

RubyGems is a Ruby package manager from the RubyGems organization. The product is mainly used for publishing and managing Ruby packages. A security vulnerability exists in RubyGems versions 2.6 through 3.0.2, which stems from the program not properly handling gem with multiple lines in the name.A...

8.8CVSS9.3AI score0.03219EPSS
Exploits0References1
myhack58
myhack58
added 2017/05/26 12:0 a.m.514 views

hackerone vulnerability: how to use XSSI to steal a multi-line string-vulnerability warning-the black bar safety net

First of all, I assume that students already know what isXSSI. If you don't know the words, you can have a look below this paragraph is taken from the identity-based XXSI attack on the simple introduction: Cross-site scripting: XSSI - Cross Site Script Inclusion is a way to allow an attacker to...

7AI score
Exploits0
myhack58
myhack58
added 2017/03/15 12:0 a.m.27 views

The regular expression uses the improper triggering of the system command execution vulnerability-vulnerability warning-the black bar safety net

Sometimes, through a regular expression to the string of white list filter is not good。 This example demonstrates a regular expression in the string to the white list filter of time may lead to the OSCI(Operating System Command Injection)vulnerabilities. 0x01 text The test code is as follows:...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/03/05 12:0 a.m.262 views

Fedora 20 : php-5.5.22-1.fc20 (2015-2328)

19 Feb 2015, PHP 5.5.22 Core : - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68925 Mitigation for CVE-2015-0235 ' GHOST: glibc gethostbyname buffer overflow. Stas - Fixed bug 68942 Use after free vulnerability in unserialize with...

10CVSS7.7AI score0.94859EPSS
Exploits38References1
Tenable Nessus
Tenable Nessus
added 2015/02/24 12:0 a.m.64 views

Fedora 21 : php-5.6.6-1.fc21 (2015-2315)

19 Feb 2015, PHP 5.6.6 Core : - Removed support for multi-line headers, as the are deprecated by RFC 7230. Stas - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68942 Use after free vulnerability in unserialize with DateTimeZone...

10CVSS7.7AI score0.94859EPSS
Exploits38References1
Tenable Nessus
Tenable Nessus
added 2012/05/02 12:0 a.m.82 views

PHP < 5.3.11 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities : - During the import of environment variables, temporary changes to the 'magicquotesgpc' directive are not handled properly. This can...

6.8CVSS8.5AI score0.10173EPSS
Exploits4References10
NVD
NVD
added 2011/04/27 1:25 a.m.18 views

CVE-2011-1718

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data...

4.3CVSS6.4AI score0.02445EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2011/04/27 1:25 a.m.2 views

CVE-2011-1718

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data...

4.3CVSS5.5AI score0.02445EPSS
Exploits0References10
Rows per page
Query Builder