Lucene search

K

770 matches found

CVE
CVE
added 2019/01/31 6:29 p.m.13294 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

5.9CVSS6.3AI score0.57154EPSS
CVE
CVE
added 2019/01/10 9:29 p.m.5438 views

CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

5.3CVSS6.3AI score0.03744EPSS
CVE
CVE
added 2019/01/31 6:29 p.m.4574 views

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This a...

6.8CVSS6.7AI score0.08063EPSS
CVE
CVE
added 2019/06/11 9:29 p.m.4396 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.4AI score0.21242EPSS
CVE
CVE
added 2019/04/08 9:29 p.m.3369 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

7.5CVSS7.5AI score0.34777EPSS
CVE
CVE
added 2019/01/30 10:29 p.m.3336 views

CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

7.5CVSS6.4AI score0.06333EPSS
CVE
CVE
added 2019/09/26 4:15 p.m.3320 views

CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with pro...

6.1CVSS7.3AI score0.8299EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.2520 views

CVE-2019-9641

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

9.8CVSS9.2AI score0.51136EPSS
CVE
CVE
added 2019/09/06 11:15 a.m.2318 views

CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

10CVSS9.6AI score0.61595EPSS
CVE
CVE
added 2019/04/20 12:29 a.m.2190 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.02394EPSS
CVE
CVE
added 2019/02/09 2:29 p.m.1863 views

CVE-2019-7659

Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ librari...

8.1CVSS8.3AI score0.00679EPSS
CVE
CVE
added 2019/12/10 7:15 p.m.1804 views

CVE-2012-1577

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

9.8CVSS9.4AI score0.00914EPSS
CVE
CVE
added 2019/07/19 11:15 p.m.1646 views

CVE-2019-12815

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

9.8CVSS9.5AI score0.94067EPSS
CVE
CVE
added 2019/07/17 1:15 p.m.1433 views

CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a par...

7.8CVSS7.7AI score0.75438EPSS
CVE
CVE
added 2019/11/27 9:15 p.m.1426 views

CVE-2011-2523

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

10CVSS9.3AI score0.94226EPSS
CVE
CVE
added 2019/10/11 7:15 p.m.1367 views

CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network f...

7.8CVSS7.5AI score0.4903EPSS
CVE
CVE
added 2019/12/23 5:15 p.m.1134 views

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this...

7.5CVSS7.7AI score0.04359EPSS
CVE
CVE
added 2019/08/01 2:15 p.m.1127 views

CVE-2019-0193

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging...

9CVSS6.8AI score0.93129EPSS
CVE
CVE
added 2019/08/01 9:15 p.m.1075 views

CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

7.5CVSS8.7AI score0.52378EPSS
CVE
CVE
added 2019/03/08 9:29 p.m.1075 views

CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse...

9.8CVSS9.4AI score0.05634EPSS
CVE
CVE
added 2019/06/19 11:15 p.m.1049 views

CVE-2019-12900

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

9.8CVSS9.6AI score0.01127EPSS
CVE
CVE
added 2019/12/20 5:15 p.m.983 views

CVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2...

9.8CVSS8.8AI score0.5403EPSS
CVE
CVE
added 2019/03/23 6:29 p.m.927 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

9.1CVSS9.4AI score0.01166EPSS
CVE
CVE
added 2019/01/27 2:29 a.m.913 views

CVE-2019-6977

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to tri...

8.8CVSS8.6AI score0.89145EPSS
CVE
CVE
added 2019/12/23 6:15 p.m.889 views

CVE-2019-12418

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user na...

7CVSS7.2AI score0.00556EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.888 views

CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to a...

7.5CVSS8.3AI score0.12457EPSS
CVE
CVE
added 2019/06/07 6:29 p.m.866 views

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. Wh...

9.8CVSS9.7AI score0.05634EPSS
CVE
CVE
added 2019/07/11 7:15 p.m.829 views

CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends wi...

9.8CVSS9.2AI score0.55249EPSS
CVE
CVE
added 2019/08/20 9:15 p.m.820 views

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

7.5CVSS7.3AI score0.00317EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.815 views

CVE-2019-9638

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

7.5CVSS8.3AI score0.17682EPSS
CVE
CVE
added 2019/07/26 1:15 p.m.807 views

CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.

9.3CVSS7.8AI score0.43395EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.806 views

CVE-2019-9639

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

7.5CVSS8.3AI score0.18274EPSS
CVE
CVE
added 2019/02/27 11:29 p.m.778 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS
CVE
CVE
added 2019/09/20 7:15 p.m.744 views

CVE-2019-14816

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8CVSS9.1AI score0.00289EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.733 views

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.9CVSS5.7AI score0.01345EPSS
CVE
CVE
added 2019/08/09 8:15 p.m.713 views

CVE-2019-11042

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to informatio...

7.1CVSS7.2AI score0.0329EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.706 views

CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to...

7.5CVSS7.6AI score0.69522EPSS
CVE
CVE
added 2019/08/09 8:15 p.m.694 views

CVE-2019-11041

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to informatio...

7.1CVSS7.2AI score0.02817EPSS
CVE
CVE
added 2019/09/20 7:15 p.m.688 views

CVE-2019-14814

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8CVSS9AI score0.00254EPSS
CVE
CVE
added 2019/02/04 8:29 a.m.688 views

CVE-2019-7317

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

5.3CVSS6.3AI score0.00576EPSS
CVE
CVE
added 2019/01/25 4:29 p.m.686 views

CVE-2018-20743

murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.

7.5CVSS7.1AI score0.07515EPSS
CVE
CVE
added 2019/12/23 3:15 a.m.666 views

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure...

6.5CVSS7AI score0.03174EPSS
CVE
CVE
added 2019/11/26 5:15 p.m.665 views

CVE-2019-12526

An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data ov...

9.8CVSS9.2AI score0.39194EPSS
CVE
CVE
added 2019/09/24 6:15 a.m.643 views

CVE-2019-16746

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

9.8CVSS9.1AI score0.02658EPSS
CVE
CVE
added 2019/09/06 6:15 p.m.617 views

CVE-2019-16056

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers ...

7.5CVSS6.7AI score0.00829EPSS
CVE
CVE
added 2019/12/23 3:15 a.m.616 views

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

5.9CVSS7AI score0.49924EPSS
CVE
CVE
added 2019/06/19 12:15 a.m.615 views

CVE-2019-11038

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized var...

5.3CVSS5.5AI score0.08292EPSS
CVE
CVE
added 2019/12/23 3:15 a.m.610 views

CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure...

6.5CVSS7.1AI score0.03121EPSS
CVE
CVE
added 2019/10/17 6:15 p.m.592 views

CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo...

9CVSS8.7AI score0.84563EPSS
CVE
CVE
added 2019/07/10 7:15 p.m.587 views

CVE-2019-13132

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due t...

9.8CVSS9.6AI score0.29818EPSS
Total number of security vulnerabilities770