Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Enterprise Linux Security Vulnerabilities - February 2020

cve
cve

CVE-2009-4067

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.

6.8CVSS

7.7AI Score

0.003EPSS

2020-02-11 07:15 PM
68
8
cve
cve

CVE-2012-4512

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

8.8CVSS

8AI Score

0.02EPSS

2020-02-08 07:15 PM
104
cve
cve

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demons...

9.8CVSS

7.5AI Score

0.263EPSS

2020-02-20 05:15 PM
307
2
cve
cve

CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

9.8CVSS

9.8AI Score

0.004EPSS

2020-02-17 10:15 PM
96
cve
cve

CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.

9.8CVSS

9AI Score

0.013EPSS

2020-02-08 07:15 PM
186
cve
cve

CVE-2019-15604

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

7.5CVSS

8.2AI Score

0.003EPSS

2020-02-07 03:15 PM
212
3
cve
cve

CVE-2019-15605

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

9.8CVSS

9.5AI Score

0.005EPSS

2020-02-07 03:15 PM
413
5
cve
cve

CVE-2019-15606

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

9.8CVSS

9.4AI Score

0.013EPSS

2020-02-07 03:15 PM
232
2
cve
cve

CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this fla...

7.7CVSS

6.4AI Score

0.004EPSS

2020-02-11 08:15 PM
353
cve
cve

CVE-2020-1726

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time...

5.9CVSS

5.5AI Score

0.002EPSS

2020-02-11 08:15 PM
182