Max CVSS 10.0 Min CVSS 2.1 Total Count91
IDCVSSSummaryLast (major) updatePublished
CVE-2019-5785 4.3
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
27-06-2019 - 13:25 27-06-2019 - 13:15
CVE-2018-18509 5.0
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/M
26-04-2019 - 13:29 26-04-2019 - 13:29
CVE-2019-6778 4.6
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6454 4.9
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-6340 6.8
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following co
21-02-2019 - 16:29 21-02-2019 - 16:29
CVE-2018-5819 7.8
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
20-02-2019 - 13:29 20-02-2019 - 13:29
CVE-2018-5818 5.0
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
20-02-2019 - 13:29 20-02-2019 - 13:29
CVE-2018-5817 5.0
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
20-02-2019 - 13:29 20-02-2019 - 13:29
CVE-2018-20030 7.8
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
20-02-2019 - 12:29 20-02-2019 - 12:29
CVE-2019-8337 5.0
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
13-02-2019 - 15:29 13-02-2019 - 15:29
CVE-2019-8308 4.4
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
12-02-2019 - 18:29 12-02-2019 - 18:29
CVE-2019-5736 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types
11-02-2019 - 14:29 11-02-2019 - 14:29
CVE-2019-6975 5.0
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
11-02-2019 - 08:29 11-02-2019 - 08:29
CVE-2019-7397 5.0
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
04-02-2019 - 19:29 04-02-2019 - 19:29
CVE-2019-7310 6.8
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a c
02-02-2019 - 22:29 02-02-2019 - 22:29
CVE-2018-20750 7.5
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
30-01-2019 - 13:29 30-01-2019 - 13:29
CVE-2018-20749 7.5
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
30-01-2019 - 13:29 30-01-2019 - 13:29
CVE-2018-20748 7.5
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
30-01-2019 - 13:29 30-01-2019 - 13:29
CVE-2019-6978 7.5
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
28-01-2019 - 03:29 28-01-2019 - 03:29
CVE-2019-6977 6.8
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This c
26-01-2019 - 21:29 26-01-2019 - 21:29
CVE-2018-16881 5.0
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
25-01-2019 - 13:29 25-01-2019 - 13:29
CVE-2019-0015 5.5
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connecti
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2019-0010 5.0
An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted H
15-01-2019 - 16:29 15-01-2019 - 16:29
CVE-2018-16865 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remo
11-01-2019 - 16:29 11-01-2019 - 16:29
CVE-2018-16864 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash s
11-01-2019 - 15:29 11-01-2019 - 15:29
CVE-2018-19873 7.5
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-19870 6.8
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
26-12-2018 - 16:29 26-12-2018 - 16:29
CVE-2018-20365 4.3
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
22-12-2018 - 12:29 22-12-2018 - 12:29
CVE-2018-20364 4.3
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
22-12-2018 - 12:29 22-12-2018 - 12:29
CVE-2018-20363 4.3
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
22-12-2018 - 12:29 22-12-2018 - 12:29
CVE-2018-20337 6.8
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
21-12-2018 - 04:29 21-12-2018 - 04:29
CVE-2018-19134 6.8
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscri
20-12-2018 - 18:29 20-12-2018 - 18:29
CVE-2018-6307 6.8
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20024 5.0
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20022 5.0
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20020 7.5
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20019 7.5
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-15127 7.5
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-15126 7.5
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
19-12-2018 - 11:29 19-12-2018 - 11:29
CVE-2018-20230 6.8
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other
19-12-2018 - 06:29 19-12-2018 - 06:29
CVE-2018-19489 2.1
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
13-12-2018 - 14:29 13-12-2018 - 14:29
CVE-2018-19364 2.1
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
13-12-2018 - 14:29 13-12-2018 - 14:29
CVE-2018-15328 5.0
On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Se
12-12-2018 - 09:29 12-12-2018 - 09:29
CVE-2018-18356 6.8
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-18335 6.8
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11-12-2018 - 11:29 11-12-2018 - 11:29
CVE-2018-19935 5.0
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
07-12-2018 - 04:29 07-12-2018 - 04:29
CVE-2018-16863 9.3
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript d
03-12-2018 - 12:29 03-12-2018 - 12:29
CVE-2018-19409 7.5
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
21-11-2018 - 11:29 21-11-2018 - 11:29
CVE-2018-15688 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
29-10-2018 - 08:29 26-10-2018 - 10:29
CVE-2018-18284 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
19-10-2018 - 18:29 19-10-2018 - 18:29
CVE-2018-3214 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulner
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3183 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerabil
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3180 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3169 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthentica
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3149 5.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3139 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows un
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3136 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unau
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-18073 4.3
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
15-10-2018 - 12:29 15-10-2018 - 12:29
CVE-2018-17961 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
15-10-2018 - 12:29 15-10-2018 - 12:29
CVE-2018-14647 5.0
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions
24-09-2018 - 20:29 24-09-2018 - 20:29
CVE-2018-17407 6.8
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnera
23-09-2018 - 17:29 23-09-2018 - 17:29
CVE-2018-17183 6.8
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
19-09-2018 - 11:29 19-09-2018 - 11:29
CVE-2018-10935 4.0
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
11-09-2018 - 11:29 11-09-2018 - 11:29
CVE-2018-16802 6.8
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe
10-09-2018 - 12:29 10-09-2018 - 12:29
CVE-2018-14618 10.0
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocat
05-09-2018 - 15:29 05-09-2018 - 15:29
CVE-2018-16539 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-15911 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
28-08-2018 - 00:29 28-08-2018 - 00:29
CVE-2016-8619 7.5
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-8618 7.5
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
31-07-2018 - 17:29 31-07-2018 - 17:29
CVE-2018-13988 4.3
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
25-07-2018 - 19:29 25-07-2018 - 19:29
CVE-2018-10906 4.6
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_
24-07-2018 - 16:29 24-07-2018 - 16:29
CVE-2018-1000613 7.5
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT priv
09-07-2018 - 16:29 09-07-2018 - 16:29
CVE-2017-18342 7.5
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
27-06-2018 - 08:29 27-06-2018 - 08:29
CVE-2018-12327 7.5
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whet
20-06-2018 - 10:29 20-06-2018 - 10:29
CVE-2018-1061 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
19-06-2018 - 08:29 19-06-2018 - 08:29
CVE-2018-1060 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
18-06-2018 - 10:29 18-06-2018 - 10:29
CVE-2018-1000180 5.0
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. T
05-06-2018 - 09:29 05-06-2018 - 09:29
CVE-2017-18267 4.3
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
10-05-2018 - 11:29 10-05-2018 - 11:29
CVE-2018-6485 7.5
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to
01-02-2018 - 09:29 01-02-2018 - 09:29
CVE-2016-4461 9.0
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
16-10-2017 - 12:29 16-10-2017 - 12:29
CVE-2015-9019 5.0
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
11-04-2017 - 15:57 05-04-2017 - 17:59
CVE-2013-4316 10.0
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
07-12-2016 - 12:34 30-09-2013 - 17:55
CVE-2016-4465 5.0
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
28-11-2016 - 15:18 04-07-2016 - 18:59
CVE-2016-4433 5.0
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
28-11-2016 - 15:18 04-07-2016 - 18:59
CVE-2016-4431 5.0
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
28-11-2016 - 15:18 04-07-2016 - 18:59
CVE-2016-0785 9.0
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
28-11-2016 - 14:55 12-04-2016 - 12:59
CVE-2016-4436 7.5
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
21-10-2016 - 10:35 03-10-2016 - 11:59
CVE-2016-4430 6.8
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
06-10-2016 - 11:12 04-07-2016 - 18:59
CVE-2016-4438 7.5
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
06-10-2016 - 11:07 04-07-2016 - 18:59
CVE-2015-6806 5.0
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
29-09-2015 - 13:36 28-09-2015 - 16:59
CVE-2013-4310 5.8
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
05-05-2014 - 01:25 30-09-2013 - 17:55
Back to Top Mark selected
Back to Top