206309 matches found
CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner." Mitigation An user can mitigate the risk of this vulnerability by: 1 Avoid using...
CVE-2018-18690
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfsattrshortformaddname in fs/xfs/libxfs/xfsattr.c...
CVE-2018-11784
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...
CVE-2016-9793
A flaw was found in the Linux kernel's implementation of setsockopt for the SOSND|RCVBUFFORCE setsockopt system call. Users with non-namespace CAPNETADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect...
CVE-2018-3139
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2019-11761
A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network...
CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4getgroupinfo function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image...
CVE-2018-2603
It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...
CVE-2019-16231
A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the allocworkqueue return was not validated and causes a denial of service at the time of failure. The highest threat from this vulnerability is to system...
CVE-2019-10906
A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability. Mitigation If you cannot upgrade python-Jinja2, you can override the issafeattribute meth...
CVE-2016-10708
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c...
CVE-2018-10930
A flaw was found in RPC request using gfs3renamereq in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. Mitigation To limit exposure of gluster server nodes : 1. gluster server should be on LAN and not reachable from public...
CVE-2018-14041
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting...
CVE-2018-16889
It was found that Ceph RGW did not properly sanitize encryption keys in debug logging for v4 auth. Encryption keys could be inadvertently disclosed when sharing debug logs...
CVE-2019-16869
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling. Mitigation Use HTTP/2 instead clear boundaries between requests Disable reuse of backend connections eg. http-reuse never in HAProxy or whateve...
CVE-2019-11253
A flaw was found kubernetes. The parsing of YAML manifests by the Kubernetes API server could lead to a denial-of-service attack leaving it vulnerable to an instance of a "billion laughs" attack. The highest threat from this vulnerability is to system availability...
CVE-2018-21010
A heap-based buffer overflow has been discovered in OpenJPEG in the function colorapplyiccprofile, while applying the color transformation. An application that uses OpenJPEG to parse untrusted images may be vulnerable to this flaw, which would allow an attacker to crash the application or...
CVE-2019-15846
An out-of-bounds write flaw was found in exim. The function fails to correctly handle situations when a backslash is the last character of the input string and incorrectly sets the pointer that is supposed to point to the last character of the escape sequence upon function exit. That leads to...
CVE-2019-9852
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
CVE-2019-10208
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. Mitigation If your use case requires SECURITY DEFINER...
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...
CVE-2019-11039
Function iconvmimedecodeheaders in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash...
CVE-2019-5018
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...
CVE-2009-5155
In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...
CVE-2018-16858
It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system...
CVE-2018-16880
A flaw was found in the Linux kernel's handlerx function in the vhostnet driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the...
CVE-2019-2510
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2018-20023
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memor...
CVE-2018-17479
Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2018-17966
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c...
CVE-2018-16540
It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScrip...
CVE-2018-16062
An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarfgetaranges in dwarfgetaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a...
CVE-2018-12910
An out-of-bounds read has been discovered in libsoup when getting cookies from a URI with empty hostname. An attacker may use this flaw to cause a crash in the application...
CVE-2018-11813
libjpeg 9c has a large loop because readpixel in rdtarga.c mishandles EOF...
CVE-2018-10547
An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...
CVE-2018-2771
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Locking. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...
CVE-2018-1275
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
CVE-2018-1000130
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...
CVE-2018-6058
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11215. Reason: This candidate is a reservation duplicate of CVE-2017-11215. Notes: All CVE users should reference CVE-2017-11215 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2017-18211
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel...
CVE-2017-3737
OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...
CVE-2017-17045
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service BUG and host OS crash by leveraging the mishandling of Populate on Demand PoD Physical-to-Machine P2M errors...
CVE-2017-10349
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2017-13084
Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Station-To-Station-Link STSL Transient Key STK during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...
CVE-2017-14955
CheckMK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report...
CVE-2017-14492
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement RA handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one o...
CVE-2017-14317
A domain cleanup issue was discovered in the C xenstore daemon aka cxenstored in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it including domain...
CVE-2017-1000116
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository...
CVE-2017-8831
The saa7164busget function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allows users able to plant rogue PCI device on the system to cause a denial of service out-of-bounds array access or possibly have unspecified other impact by changing a certain sequence-number value, aka a...