Lucene search
K

1286 matches found

CNVD
CNVD
added 2020/05/12 12:0 a.m.10 views

Unspecified vulnerability in slp-validate

slp-validate is a lightweight SLP Simple Ledger Protocol validator with features such as pre-broadcast validation and burn protection. slpjs is a JavaScript library for validating and building Simple Ledger Protocol SLP. A security vulnerability exists in versions of slp-validate prior to 1.2.1,...

8.6CVSS6.7AI score0.01036EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/04/29 12:0 a.m.63 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4345-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4345-1 advisory. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondar...

7.5CVSS7.5AI score0.0415EPSS
Exploits2References10
Github Security Blog
Github Security Blog
added 2020/04/03 3:23 p.m.112 views

Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)

Impact - Cross Site Scripting - Cache Poisoning - Page Hijacking Patches This was fixed in version 2.2.1. Workarounds If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References CWE-113: Improper...

9.8CVSS0.1AI score0.01563EPSS
Exploits1References5Affected Software1
OpenVAS
OpenVAS
added 2020/03/27 12:0 a.m.6 views

ZSQL: Check for users with GRANT ANY PRIVILEGE permission

Searches for users with GRANT ANY PRIVILEGE permission and checks whether they are authorized to have it. Users with this permission can grant any permission to any user. Therefore, grant this permission only when absolutely necessary. Copyright C 2020 Greenbone Networks GmbH Some text descriptio...

7.3AI score
Exploits0References1
Microsoft KB
Microsoft KB
added 2020/03/10 7:0 a.m.53 views

Cumulative Update 10 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.11.41204, Platform Build 14.0.41143)

None None...

8CVSS7.3AI score0.10838EPSS
Exploits0
OSV
OSV
added 2020/02/18 3:15 p.m.2 views

UBUNTU-CVE-2014-4967

Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with 1 a trailing " src=" clause, 2 a trailing " temp=" clause, or 3 a...

9.8CVSS7.5AI score0.03434EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/02/18 3:15 p.m.29 views

CVE-2014-4967

Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with 1 a trailing " src=" clause, 2 a trailing " temp=" clause, or 3 a...

9.8CVSS7.4AI score0.03434EPSS
Exploits0References3
Veracode
Veracode
added 2020/01/23 3:8 a.m.17 views

Information Disclosure

schema-inspector is vulnerable to information disclosure. The vulnerability exists as the sanitize and validate functions can be bypassed, causing object's prototype properties to be enumerable...

9.8CVSS1.6AI score0.01392EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/01/22 2:15 p.m.13 views

CVE-2019-10781

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

9.8CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2020/01/22 2:15 p.m.29 views

CVE-2019-10781

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

9.8CVSS9.4AI score0.01392EPSS
Exploits0References2
Prion
Prion
added 2020/01/22 2:15 p.m.16 views

Code injection

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

7.5CVSS9.4AI score0.01392EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/01/22 1:40 p.m.43 views

CVE-2019-10781

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

9.5AI score0.01392EPSS
Exploits0References2
CVE
CVE
added 2020/01/22 1:40 p.m.63 views

CVE-2019-10781

Schema-inspector (JS package) is affected by CVE-2019-10781 through versions before 1.6.9. A specially crafted JavaScript object can bypass sanitize() and validate(), enabling information exposure and potential property tampering. The root cause is the bypass of input sanitisation/validation with...

9.8CVSS9.3AI score0.01392EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/01/21 11:15 p.m.1 views

UBUNTU-CVE-2019-20388

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...

7.5CVSS6.8AI score0.04387EPSS
Exploits0References4
Prion
Prion
added 2020/01/21 7:15 a.m.15 views

Heap overflow

Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909...

7.2CVSS8.4AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2020/01/21 6:30 a.m.97 views

CVE-2019-10602

CVE-2019-10602 affects Qualcomm display components (display HW composer) on Snapdragon platforms (APQ8053, APQ8096AU/APQ8098, MDM9…/MSM89xx, SDM845, SM8150, etc.). Description: potential use-after-free heap error during Validate/Present calls in the display HW composer, leading to local impact wi...

7.8CVSS8.3AI score0.00202EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/12/30 8:15 p.m.39 views

CVE-2019-19032

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload...

8.1CVSS8.1AI score0.04512EPSS
Exploits5References2
Prion
Prion
added 2019/12/30 8:15 p.m.12 views

Xxe

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload...

5.5CVSS8.1AI score0.04512EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2019/12/30 7:15 p.m.37 views

CVE-2019-19032

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload...

8.1AI score0.04512EPSS
Exploits5References2
CVE
CVE
added 2019/12/30 7:15 p.m.110 views

CVE-2019-19032

XMLBlueprint XML Editor version 16.191112 and earlier is affected by XML External Entity (XXE) Injection (CVE-2019-19032). A crafted XML payload can trigger the XML Validate function to read arbitrary files, enabling Arbitrary File Read during validation. The vulnerability is linked to the XML Ex...

8.1CVSS8AI score0.04512EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder