Lucene search
+L

304 matches found

vulnersOsv
vulnersOsv
added 2019/10/21 9:58 p.m.6 views

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10759 via safer-eval (=1.2.3)

safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted: - @pl-test/c =1.1.0, =1.1.1 - @pl-test/e =1.1.0 Source cves: CVE-2019-10759 Source advisory: OSV:GHSA-R3X4-WR4H-PW33...

9.9CVSS7.3AI score0.01787EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/09/19 12:0 a.m.33 views

Debian DLA-1926-1 : thunderbird security update

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message. For Debian 8 'Jessie', these...

9.3CVSS7.6AI score0.0216EPSS
Exploits1References9
CNVD
CNVD
added 2019/07/29 12:0 a.m.6 views

SSDP Responder Buffer Overflow Vulnerability

SSDP Responder is an SSDP Simple Service Discovery Protocol daemon for the Linux platform. A buffer overflow vulnerability exists in ssdprecv in the ssdpd.c file in SSDP Responder versions 1.x through 1.5, which can be exploited by an attacker to cause a server crash...

7.5CVSS7.1AI score0.01652EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2019/07/26 12:0 a.m.20 views

py-matrix-synapse -- multiple vulnerabilities

Matrix developers report: The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation: Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. Prevent a denial-of-service...

3.1AI score
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2019/07/19 12:0 a.m.40 views

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...

7.5CVSS7.4AI score0.03855EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2019/07/17 2:15 p.m.44 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.5CVSS6.7AI score0.01884EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/07/17 1:59 p.m.34 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.4AI score0.01884EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/06/18 12:0 a.m.26 views

Debian DLA-1820-1 : thunderbird security update

Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8 'Jessie', these problems have been fixed in version 1:60.7.1-1deb8u1. We recommend that you upgrade your thunderbird packages. NOTE: Tenable...

9.8CVSS7.8AI score0.10527EPSS
Exploits14References6
Debian
Debian
added 2019/06/17 7:38 a.m.198 views

[SECURITY] [DLA 1820-1] thunderbird security update

Package : thunderbird Version : 1:60.7.1-1deb8u1 CVE ID : CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8 "Jessie", these proble...

9.8CVSS9.7AI score0.10527EPSS
Exploits14
CNVD
CNVD
added 2019/06/13 12:0 a.m.5 views

SAP HANA Extended Application Services Information Disclosure Vulnerability (CNVD-2019-34744)

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis.Extended Application Services is an application server, Web server and SAP HANA System within the Web...

4.3CVSS6.1AI score0.00897EPSS
Exploits0References1
ALT Linux
ALT Linux
added 2019/05/22 12:0 a.m.80 views

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1

May 22, 2019 Alexey Shabalin 1:2.9.9.0.52.f824-alt1 - v2.9.4-12-ge905f08 - v2.9.9-52-gf824a4bd fixes: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-5969, CVE-2018-14404, CVE-2018-9251, CVE-2018-14567...

5CVSS6.7AI score0.04888EPSS
Exploits6
ALT Linux
ALT Linux
added 2019/05/22 12:0 a.m.36 views

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1

May 22, 2019 Alexey Shabalin 1:2.9.9.0.52.f824-alt1 - v2.9.4-12-ge905f08 - v2.9.9-52-gf824a4bd fixes: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-5969, CVE-2018-14404, CVE-2018-9251, CVE-2018-14567...

5CVSS6.7AI score0.04888EPSS
Exploits6
myhack58
myhack58
added 2019/04/06 12:0 a.m.238 views

Confluence Server Remote Code Execution Vulnerability-vulnerability warning-the black bar safety net

Atlassian company for Confluence Server and Data Center products used in the widgetconnecter Assemblyversion Network Vine CRS/ARS products have full support for the vulnerability detection and verification, 网藤用户可直接登陆www.riskivy.com for verification. ! A, scope of impact Product Confluence Server...

1.3AI score
Exploits0
Debian
Debian
added 2019/02/08 9:29 p.m.297 views

[SECURITY] [DLA 1669-1] libreoffice security update

Package : libreoffice Version : 1:4.3.3-2+deb8u12 CVE ID : CVE-2018-16858 Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document. For Debian 8 "Jessie", this problem has been fixed in version...

9.8CVSS7.5AI score0.67321EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2019/02/06 12:0 a.m.65 views

Debian DSA-4385-1 : dovecot - security update

halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else...

7.7CVSS6.5AI score0.02417EPSS
Exploits1References4
PyPA
PyPA
added 2019/02/04 5:29 p.m.8 views

PYSEC-2019-169

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...

5.5CVSS6.5AI score0.00605EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2019/01/15 8:59 a.m.28 views

Denial Of Service (DoS)

qemu-kvm is vulnerable to denial of service DoS attacks. The vulnerability exists through an integer overflow issue in the qcowopen function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service crash via a large L2 table in a QCOW version 1 image...

7.5CVSS6.8AI score0.02116EPSS
Exploits1References20Affected Software2
OSV
OSV
added 2018/10/16 8:51 p.m.3 views

GHSA-96JQ-75WH-2658 Moderate severity vulnerability that affects apache axis

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services...

6.1CVSS6.7AI score0.10554EPSS
Exploits0References20
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/28 4:30 a.m.34 views

Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-5382 DESCRIPTION: Bouncy Castle could allow a local attacker to obtain sensitive information, caused by an error in the BKS version 1 keystore files. By utilizing an HMAC that is only 16...

4.4CVSS0.5AI score0.00262EPSS
Exploits0Affected Software1
NVD
NVD
added 2018/09/14 8:29 p.m.16 views

CVE-2018-11087

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9CVSS5.4AI score0.01268EPSS
Exploits0References1
Rows per page
Query Builder