Lucene search
K
CvelistMost viewed

364843 matches found

Cvelist
Cvelist
•added 2020/02/11 8:35 a.m.•54 views

CVE-2020-5529

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...

8.2AI score0.04719EPSS
Exploits0References5
Cvelist
Cvelist
•added 2020/02/03 2:15 p.m.•54 views

CVE-2013-2621

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL...

6.1AI score0.10692EPSS
Exploits4References3
Cvelist
Cvelist
•added 2020/01/21 4:29 p.m.•54 views

CVE-2020-6857

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

5.5AI score0.00967EPSS
Exploits8References6
Cvelist
Cvelist
•added 2019/11/25 2:22 p.m.•54 views

CVE-2019-5867

Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.4AI score0.00698EPSS
Exploits0References2
Cvelist
Cvelist
•added 2019/10/25 6:14 p.m.•54 views

CVE-2019-17139

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS8.8AI score0.05783EPSS
Exploits0References2
Cvelist
Cvelist
•added 2019/10/24 12:0 a.m.•54 views

CVE-2019-18413

In TypeStack class-validator 0.10.2, validate input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not...

3.7CVSS9.6AI score0.01987EPSS
Exploits1References4
Cvelist
Cvelist
•added 2019/10/11 4:21 p.m.•54 views

CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

5.6AI score0.49236EPSS
Exploits5References2
Cvelist
Cvelist
•added 2019/09/26 2:21 p.m.•54 views

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted pro...

8.1AI score0.52873EPSS
Exploits0References17
Cvelist
Cvelist
•added 2019/08/26 12:0 p.m.•55 views

CVE-2016-10931

An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification...

7.7AI score0.00745EPSS
Exploits0References1
Cvelist
Cvelist
•added 2019/08/13 8:50 p.m.•54 views

CVE-2019-9518 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

7.5CVSS7.6AI score0.25448EPSS
Exploits0References27
Cvelist
Cvelist
•added 2019/07/23 10:31 p.m.•54 views

CVE-2019-2739

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...

5.5AI score0.0079EPSS
Exploits0References14
Cvelist
Cvelist
•added 2019/06/21 6:11 p.m.•54 views

CVE-2019-10719

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714...

9.1AI score0.07595EPSS
Exploits11References3
Cvelist
Cvelist
•added 2019/06/18 11:28 p.m.•54 views

CVE-2019-11038 Uninitialized read in gdImageCreateFromXbm

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

3.1CVSS6.2AI score0.04332EPSS
Exploits1References18
Cvelist
Cvelist
•added 2019/05/08 1:17 p.m.•54 views

CVE-2019-8387

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component...

9.7AI score0.55721EPSS
Exploits5References3
Cvelist
Cvelist
•added 2019/04/23 6:16 p.m.•54 views

CVE-2019-2614

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

4.8AI score0.0281EPSS
Exploits0References14
Cvelist
Cvelist
•added 2019/03/05 11:0 p.m.•54 views

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

7.5AI score0.02296EPSS
Exploits0References8
Cvelist
Cvelist
•added 2019/02/18 12:0 a.m.•54 views

CVE-2019-8435

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...

5AI score0.00588EPSS
Exploits1References1
Cvelist
Cvelist
•added 2019/01/27 2:0 a.m.•54 views

CVE-2019-6977

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

8.7AI score0.64265EPSS
Exploits7References19
Cvelist
Cvelist
•added 2019/01/08 9:0 p.m.•54 views

CVE-2019-0558

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint,...

5.3AI score0.01996EPSS
Exploits0References2
Cvelist
Cvelist
•added 2018/10/11 3:0 p.m.•54 views

CVE-2018-9206

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload = v9.22.0...

9.4AI score0.97107EPSS
Exploits15References7
Cvelist
Cvelist
•added 2018/09/13 12:0 a.m.•54 views

CVE-2018-8466

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465,...

7.5AI score0.69019EPSS
Exploits2References4
Cvelist
Cvelist
•added 2018/09/13 12:0 a.m.•54 views

CVE-2018-8269

A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData...

7.4AI score0.25745EPSS
Exploits5References3
Cvelist
Cvelist
•added 2018/08/27 5:0 p.m.•54 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

5.1CVSS7.3AI score0.01244EPSS
Exploits0References4
Cvelist
Cvelist
•added 2018/07/18 1:0 p.m.•54 views

CVE-2018-3066

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...

3.7AI score0.01933EPSS
Exploits0References12
Cvelist
Cvelist
•added 2018/07/18 1:0 p.m.•54 views

CVE-2018-3058

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: MyISAM. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4.3AI score0.02431EPSS
Exploits0References12
Cvelist
Cvelist
•added 2018/07/11 12:0 a.m.•54 views

CVE-2018-8283

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291,...

6.9AI score0.13959EPSS
Exploits0References2
Cvelist
Cvelist
•added 2018/02/09 11:0 p.m.•54 views

CVE-2018-1000049

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled...

7.9AI score0.77297EPSS
Exploits7References9
Cvelist
Cvelist
•added 2017/10/19 5:0 p.m.•54 views

CVE-2017-10379

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

5.9AI score0.0228EPSS
Exploits0References11
Cvelist
Cvelist
•added 2017/10/19 5:0 p.m.•54 views

CVE-2017-10384

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.3AI score0.03078EPSS
Exploits0References11
Cvelist
Cvelist
•added 2017/10/03 3:0 p.m.•54 views

CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

7.7AI score0.99988EPSS
Exploits23References44
Cvelist
Cvelist
•added 2017/07/11 9:0 p.m.•54 views

CVE-2017-8467

Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k...

7AI score0.00975EPSS
Exploits0References3
Cvelist
Cvelist
•added 2016/09/07 7:0 p.m.•54 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.6AI score0.03903EPSS
Exploits0References5
Cvelist
Cvelist
•added 2016/09/01 12:0 a.m.•54 views

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

6.6AI score0.95707EPSS
Exploits7References135
Cvelist
Cvelist
•added 2016/01/22 3:0 p.m.•54 views

CVE-2015-7744

wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...

6AI score0.05031EPSS
Exploits1References9
Cvelist
Cvelist
•added 2015/07/16 10:0 a.m.•54 views

CVE-2015-2620

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges...

4.6AI score0.04715EPSS
Exploits0References15
Cvelist
Cvelist
•added 2015/07/16 10:0 a.m.•54 views

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML...

4.7AI score0.04328EPSS
Exploits0References15
Cvelist
Cvelist
•added 2015/01/21 7:0 p.m.•54 views

CVE-2015-0432

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key...

6.3AI score0.0394EPSS
Exploits0References18
Cvelist
Cvelist
•added 2014/12/20 11:0 a.m.•54 views

CVE-2014-8142

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys...

9.1AI score0.53166EPSS
Exploits8References17
Cvelist
Cvelist
•added 2014/12/19 3:0 p.m.•54 views

CVE-2014-8793

Cross-site scripting XSS vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refreshpage parameter to www/admin/report-generate.php...

5.6AI score0.02309EPSS
Exploits3References8
Cvelist
Cvelist
•added 2014/10/25 9:0 p.m.•54 views

CVE-2014-1927

The shellquote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...

7.2AI score0.03388EPSS
Exploits2References7
Cvelist
Cvelist
•added 2014/10/15 10:3 p.m.•54 views

CVE-2014-6555

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML...

6.3AI score0.03896EPSS
Exploits0References8
Cvelist
Cvelist
•added 2014/10/15 10:3 p.m.•54 views

CVE-2014-6520

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL...

6.3AI score0.02644EPSS
Exploits0References4
Cvelist
Cvelist
•added 2014/10/15 3:15 p.m.•54 views

CVE-2014-6478

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL...

6.5AI score0.02554EPSS
Exploits0References5
Cvelist
Cvelist
•added 2014/10/15 3:15 p.m.•54 views

CVE-2014-6484

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML...

6.3AI score0.02667EPSS
Exploits0References4
Cvelist
Cvelist
•added 2014/08/03 6:0 p.m.•54 views

CVE-2013-5758

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...

7AI score0.11892EPSS
Exploits10References5
Cvelist
Cvelist
•added 2014/07/17 10:0 a.m.•54 views

CVE-2014-4243

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED...

5AI score0.03404EPSS
Exploits0References10
Cvelist
Cvelist
•added 2014/07/17 2:36 a.m.•54 views

CVE-2014-4207

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR...

6.2AI score0.03911EPSS
Exploits0References12
Cvelist
Cvelist
•added 2014/07/07 2:0 p.m.•55 views

CVE-2014-0035

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...

6AI score0.07053EPSS
Exploits0References14
Cvelist
Cvelist
•added 2014/05/09 1:0 a.m.•54 views

CVE-2014-3214

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a DNS query that triggers a response with unspecified attributes...

6.3AI score0.17259EPSS
Exploits0References3
Cvelist
Cvelist
•added 2013/04/17 2:0 p.m.•54 views

CVE-2013-2375

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

4.6AI score0.02262EPSS
Exploits0References5
Total number of security vulnerabilities5000