Lucene search

K

105 matches found

CVE
CVE
added 2019/04/08 10:29 p.m.14221 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually ro...

7.8CVSS7.2AI score0.86076EPSS
CVE
CVE
added 2019/06/11 9:29 p.m.4405 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.4AI score0.22292EPSS
CVE
CVE
added 2019/04/08 9:29 p.m.3379 views

CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

7.5CVSS7.5AI score0.32738EPSS
CVE
CVE
added 2019/04/20 12:29 a.m.2207 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.01294EPSS
CVE
CVE
added 2019/01/30 10:29 p.m.1103 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

5.3CVSS6.1AI score0.0486EPSS
CVE
CVE
added 2019/03/08 9:29 p.m.1082 views

CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse...

9.8CVSS9.4AI score0.09135EPSS
CVE
CVE
added 2018/12/11 5:29 p.m.997 views

CVE-2018-20060

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

9.8CVSS7.8AI score0.00481EPSS
CVE
CVE
added 2018/12/23 11:29 p.m.857 views

CVE-2018-20406

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

7.5CVSS8.1AI score0.01206EPSS
CVE
CVE
added 2019/05/03 8:29 p.m.557 views

CVE-2019-11036

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

9.1CVSS7AI score0.00903EPSS
CVE
CVE
added 2019/03/21 9:29 p.m.557 views

CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

9.3CVSS8.7AI score0.13214EPSS
CVE
CVE
added 2019/04/09 4:29 p.m.543 views

CVE-2019-3880

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions befor...

5.5CVSS5.6AI score0.03009EPSS
CVE
CVE
added 2018/06/18 2:29 p.m.481 views

CVE-2018-1060

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

7.5CVSS7.4AI score0.01055EPSS
CVE
CVE
added 2019/05/10 10:29 p.m.468 views

CVE-2019-11884

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

3.3CVSS5.6AI score0.00096EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.445 views

CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

8.8CVSS8.9AI score0.04685EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.439 views

CVE-2019-7221

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

7.8CVSS7.5AI score0.00128EPSS
CVE
CVE
added 2018/06/19 12:29 p.m.433 views

CVE-2018-1061

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

7.5CVSS7.4AI score0.01374EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.432 views

CVE-2019-3857

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects ...

8.8CVSS8.9AI score0.04685EPSS
CVE
CVE
added 2019/04/25 3:29 p.m.423 views

CVE-2019-3900

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to st...

7.7CVSS8.4AI score0.00112EPSS
CVE
CVE
added 2019/04/07 12:29 a.m.390 views

CVE-2019-10906

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

8.6CVSS8.4AI score0.01473EPSS
CVE
CVE
added 2019/03/07 11:29 p.m.378 views

CVE-2018-14498

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

6.5CVSS6.7AI score0.00338EPSS
CVE
CVE
added 2018/10/01 8:29 a.m.368 views

CVE-2018-17847

The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.

7.5CVSS7.2AI score0.00906EPSS
CVE
CVE
added 2018/10/01 8:29 a.m.357 views

CVE-2018-17848

The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.

7.5CVSS7.2AI score0.01025EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.357 views

CVE-2019-3859

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

9.1CVSS8.8AI score0.01028EPSS
CVE
CVE
added 2019/05/15 4:29 p.m.356 views

CVE-2019-8936

NTP through 4.2.8p12 has a NULL Pointer Dereference.

7.5CVSS7.4AI score0.08689EPSS
CVE
CVE
added 2019/03/14 10:29 p.m.354 views

CVE-2019-3816

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

7.5CVSS7.3AI score0.00979EPSS
CVE
CVE
added 2018/05/17 4:29 p.m.353 views

CVE-2018-1111

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw t...

7.9CVSS7.9AI score0.88259EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.311 views

CVE-2019-7222

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

5.5CVSS6.4AI score0.00038EPSS
CVE
CVE
added 2019/02/11 1:29 p.m.295 views

CVE-2019-6975

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

7.5CVSS7.3AI score0.05544EPSS
CVE
CVE
added 2019/05/09 4:29 a.m.283 views

CVE-2019-11831

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.

9.8CVSS9.3AI score0.01341EPSS
CVE
CVE
added 2019/03/14 10:29 p.m.283 views

CVE-2019-3833

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

7.5CVSS7.2AI score0.04069EPSS
CVE
CVE
added 2019/03/21 4:0 p.m.274 views

CVE-2018-19872

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

5.5CVSS5AI score0.00276EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.274 views

CVE-2019-6116

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

7.8CVSS8.1AI score0.62738EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.242 views

CVE-2019-9499

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection w...

8.1CVSS8AI score0.02246EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.237 views

CVE-2019-9494

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hos...

5.9CVSS6.5AI score0.01574EPSS
CVE
CVE
added 2019/03/08 5:29 a.m.233 views

CVE-2019-9631

Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

9.8CVSS6.8AI score0.02876EPSS
CVE
CVE
added 2018/12/20 3:29 p.m.231 views

CVE-2018-1000852

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear ...

6.5CVSS7.6AI score0.00707EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.231 views

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS6.3AI score0.01339EPSS
CVE
CVE
added 2018/08/24 7:29 p.m.229 views

CVE-2018-14599

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

9.8CVSS9.4AI score0.01951EPSS
CVE
CVE
added 2018/08/14 6:29 p.m.228 views

CVE-2018-14348

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.

8.1CVSS7.7AI score0.00617EPSS
CVE
CVE
added 2019/01/02 7:29 a.m.225 views

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

7.8CVSS7.1AI score0.00117EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.225 views

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

7.3CVSS5.6AI score0.01038EPSS
CVE
CVE
added 2019/02/07 7:29 a.m.224 views

CVE-2019-7577

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

8.8CVSS8.8AI score0.03122EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.222 views

CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful att...

4.3CVSS6.7AI score0.03149EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.219 views

CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not imp...

8.1CVSS8AI score0.1169EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.218 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaini...

8.1CVSS7.9AI score0.01603EPSS
CVE
CVE
added 2019/01/03 1:29 p.m.214 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5CVSS6.7AI score0.00468EPSS
CVE
CVE
added 2018/12/04 9:29 a.m.211 views

CVE-2018-19841

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

5.5CVSS5.5AI score0.00253EPSS
CVE
CVE
added 2018/12/04 9:29 a.m.210 views

CVE-2018-19840

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

5.5CVSS5.3AI score0.00353EPSS
CVE
CVE
added 2018/11/29 6:29 p.m.208 views

CVE-2018-8786

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

9.8CVSS9.7AI score0.21915EPSS
CVE
CVE
added 2019/01/14 8:29 a.m.206 views

CVE-2019-6251

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

8.1CVSS5.8AI score0.02368EPSS
Total number of security vulnerabilities105