Max CVSS 10.0 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-10086 7.5
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
23-10-2020 - 16:15 20-08-2019 - 21:15
CVE-2017-10664 5.0
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
23-10-2020 - 15:23 02-08-2017 - 19:29
CVE-2019-5736 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types
23-10-2020 - 14:33 11-02-2019 - 19:29
CVE-2014-6055 6.5
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) d
23-10-2020 - 13:15 30-09-2014 - 16:55
CVE-2018-15127 7.5
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
23-10-2020 - 13:15 19-12-2018 - 16:29
CVE-2018-7225 7.5
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
23-10-2020 - 13:15 19-02-2018 - 15:29
CVE-2020-8174 9.3
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
23-10-2020 - 09:15 24-07-2020 - 22:15
CVE-2019-9518 7.8
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT
22-10-2020 - 17:23 13-08-2019 - 21:15
CVE-2019-9516 7.8
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h
22-10-2020 - 17:22 13-08-2019 - 21:15
CVE-2019-9517 7.8
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so
22-10-2020 - 17:22 13-08-2019 - 21:15
CVE-2019-9514 7.8
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p
22-10-2020 - 17:21 13-08-2019 - 21:15
CVE-2019-9513 7.8
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the
22-10-2020 - 17:21 13-08-2019 - 21:15
CVE-2013-0170 6.8
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (c
22-10-2020 - 15:40 08-02-2013 - 20:55
CVE-2018-10846 1.9
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain
22-10-2020 - 13:19 22-08-2018 - 13:29
CVE-2018-10583 5.0
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg with
21-10-2020 - 13:15 01-05-2018 - 16:29
CVE-2019-5482 7.5
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
20-10-2020 - 22:15 16-09-2019 - 19:15
CVE-2020-9490 5.0
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via
20-10-2020 - 22:15 07-08-2020 - 16:15
CVE-2018-8088 7.5
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
20-10-2020 - 22:15 20-03-2018 - 16:29
CVE-2020-9484 4.4
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste
20-10-2020 - 22:15 20-05-2020 - 19:15
CVE-2017-9800 7.5
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user
20-10-2020 - 22:15 11-08-2017 - 21:29
CVE-2019-5436 4.6
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
20-10-2020 - 22:15 28-05-2019 - 19:29
CVE-2020-1938 7.5
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
20-10-2020 - 22:15 24-02-2020 - 22:15
CVE-2019-15903 5.0
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-r
20-10-2020 - 22:15 04-09-2019 - 06:15
CVE-2019-1563 4.3
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decryp
20-10-2020 - 22:15 10-09-2019 - 17:15
CVE-2016-6306 4.3
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
20-10-2020 - 22:15 26-09-2016 - 19:59
CVE-2019-12384 4.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be
20-10-2020 - 22:15 24-06-2019 - 16:15
CVE-2016-2183 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
20-10-2020 - 22:15 01-09-2016 - 00:59
CVE-2019-11479 5.0
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial
20-10-2020 - 22:15 19-06-2019 - 00:15
CVE-2020-11080 5.0
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e
20-10-2020 - 22:15 03-06-2020 - 23:15
CVE-2020-10673 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
20-10-2020 - 22:15 18-03-2020 - 22:15
CVE-2020-10108 7.5
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as
20-10-2020 - 22:15 12-03-2020 - 13:15
CVE-2020-15646 4.3
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a s
20-10-2020 - 12:56 08-10-2020 - 14:15
CVE-2019-6477 5.0
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resourc
20-10-2020 - 12:15 26-11-2019 - 16:15
CVE-2018-5741 4.0
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client,
20-10-2020 - 12:15 16-01-2019 - 20:29
CVE-2020-8617 5.0
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local se
20-10-2020 - 12:15 19-05-2020 - 14:15
CVE-2019-3827 3.3
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can
19-10-2020 - 18:06 25-03-2019 - 18:29
CVE-2019-3820 4.6
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions
19-10-2020 - 17:46 06-02-2019 - 20:29
CVE-2019-3815 2.1
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A
19-10-2020 - 17:44 28-01-2019 - 15:29
CVE-2013-6425 5.0
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
19-10-2020 - 17:42 18-01-2014 - 19:55
CVE-2020-14352 8.5
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the
18-10-2020 - 18:15 30-08-2020 - 15:15
CVE-2020-15678 6.8
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidat
17-10-2020 - 11:15 01-10-2020 - 19:15
CVE-2018-12900 6.8
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a cr
16-10-2020 - 20:15 26-06-2018 - 22:29
CVE-2019-15695 6.5
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from
16-10-2020 - 20:00 26-12-2019 - 16:15
CVE-2019-3900 6.8
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest
16-10-2020 - 17:53 25-04-2019 - 15:29
CVE-2019-3883 5.0
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are
16-10-2020 - 17:39 17-04-2019 - 14:29
CVE-2019-14817 6.8
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could dis
16-10-2020 - 13:21 03-09-2019 - 16:15
CVE-2017-9798 5.0
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2
15-10-2020 - 16:12 18-09-2017 - 15:29
CVE-2016-2857 3.6
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
15-10-2020 - 14:45 12-04-2016 - 02:00
CVE-2019-3839 6.8
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside o
15-10-2020 - 14:31 16-05-2019 - 19:29
CVE-2019-3844 4.6
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker
15-10-2020 - 14:09 26-04-2019 - 21:29
CVE-2019-3838 4.3
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the cons
15-10-2020 - 14:05 25-03-2019 - 19:29
CVE-2018-7750 7.5
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is co
15-10-2020 - 13:31 13-03-2018 - 18:29
CVE-2018-5748 5.0
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
15-10-2020 - 13:28 25-01-2018 - 16:29
CVE-2018-7858 2.1
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when up
15-10-2020 - 13:28 12-03-2018 - 21:29
CVE-2019-7221 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
15-10-2020 - 13:28 21-03-2019 - 16:01
CVE-2018-9568 7.2
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi
15-10-2020 - 13:28 06-12-2018 - 14:29
CVE-2019-3813 5.4
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
15-10-2020 - 13:28 04-02-2019 - 18:29
CVE-2018-16838 5.5
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
15-10-2020 - 13:28 25-03-2019 - 18:29
CVE-2019-14835 7.2
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript
15-10-2020 - 13:28 17-09-2019 - 16:15
CVE-2018-10911 5.0
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
15-10-2020 - 13:28 04-09-2018 - 14:29
CVE-2018-1000805 6.5
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
15-10-2020 - 13:28 08-10-2018 - 15:29
CVE-2019-10168 4.6
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will ex
15-10-2020 - 13:28 02-08-2019 - 13:15
CVE-2017-1000366 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made t
15-10-2020 - 13:28 19-06-2017 - 16:29
CVE-2015-0235 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
14-10-2020 - 18:09 28-01-2015 - 19:59
CVE-2009-3767 4.3
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-
14-10-2020 - 17:13 23-10-2009 - 19:30
CVE-2020-14621 5.0
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenti
14-10-2020 - 08:15 15-07-2020 - 18:15
CVE-2019-11356 7.5
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
14-10-2020 - 05:15 03-06-2019 - 20:29
CVE-2020-12674 5.0
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
13-10-2020 - 22:15 12-08-2020 - 16:15
CVE-2020-14550 3.5
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with net
11-10-2020 - 00:15 15-07-2020 - 18:15
CVE-2020-13379 6.4
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can b
10-10-2020 - 18:15 03-06-2020 - 19:15
CVE-2012-4453 2.1
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
09-10-2020 - 18:10 09-10-2012 - 23:55
CVE-2007-1349 5.0
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted U
09-10-2020 - 13:54 30-03-2007 - 00:19
CVE-2019-14868 7.2
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote una
09-10-2020 - 13:46 02-04-2020 - 17:15
CVE-2019-14906 7.5
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while c
09-10-2020 - 13:39 07-01-2020 - 21:15
CVE-2019-14834 4.3
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
09-10-2020 - 13:39 07-01-2020 - 17:15
CVE-2019-16777 5.5
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and cre
09-10-2020 - 13:36 13-12-2019 - 01:15
CVE-2019-14865 4.9
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subse
09-10-2020 - 13:24 29-11-2019 - 10:15
CVE-2019-14869 6.8
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating
09-10-2020 - 13:12 15-11-2019 - 12:15
CVE-2019-14824 3.5
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
09-10-2020 - 13:05 08-11-2019 - 15:15
CVE-2019-15606 7.5
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
07-10-2020 - 18:07 07-02-2020 - 15:15
CVE-2020-12865 5.2
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
07-10-2020 - 15:15 24-06-2020 - 13:15
CVE-2016-6797 5.0
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked
05-10-2020 - 22:15 10-08-2017 - 22:29
CVE-2011-1752 5.0
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as e
05-10-2020 - 19:04 06-06-2011 - 19:55
CVE-2019-15043 5.0
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
04-10-2020 - 18:15 03-09-2019 - 12:15
CVE-2020-15811 4.0
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s
02-10-2020 - 19:15 02-09-2020 - 17:15
CVE-2020-15669 6.8
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vu
02-10-2020 - 19:02 01-10-2020 - 19:15
CVE-2019-10164 9.0
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often su
02-10-2020 - 14:34 26-06-2019 - 16:15
CVE-2020-1045 5.0
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name bein
02-10-2020 - 03:15 11-09-2020 - 17:15
CVE-2020-8608 6.8
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
01-10-2020 - 14:15 06-02-2020 - 17:15
CVE-2020-15811 4.0
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s
30-09-2020 - 22:15 02-09-2020 - 17:15
CVE-2019-10216 6.8
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that coul
30-09-2020 - 18:17 27-11-2019 - 13:15
CVE-2019-10216 6.8
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that coul
30-09-2020 - 18:17 27-11-2019 - 13:15
CVE-2019-11745 6.8
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
30-09-2020 - 18:15 08-01-2020 - 20:15
CVE-2020-12402 1.2
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to re
30-09-2020 - 18:15 09-07-2020 - 15:15
CVE-2019-11729 5.0
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
30-09-2020 - 18:15 23-07-2019 - 14:15
CVE-2020-10663 5.0
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavi
30-09-2020 - 18:15 28-04-2020 - 21:15
CVE-2020-10663 5.0
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavi
30-09-2020 - 18:15 28-04-2020 - 21:15
CVE-2020-12402 1.2
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to re
30-09-2020 - 18:15 09-07-2020 - 15:15
CVE-2019-11729 5.0
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
30-09-2020 - 18:15 23-07-2019 - 14:15
CVE-2018-12404 4.3
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS
30-09-2020 - 18:15 02-05-2019 - 17:29
CVE-2019-11745 6.8
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
30-09-2020 - 18:15 08-01-2020 - 20:15
CVE-2016-7076 7.2
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
30-09-2020 - 18:15 29-05-2018 - 13:29
CVE-2019-10161 7.2
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attac
30-09-2020 - 14:47 30-07-2019 - 23:15
CVE-2019-10161 7.2
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attac
30-09-2020 - 14:47 30-07-2019 - 23:15
CVE-2019-10143 6.9
** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate int
30-09-2020 - 14:22 24-05-2019 - 17:29
CVE-2019-10143 6.9
** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate int
30-09-2020 - 14:22 24-05-2019 - 17:29
CVE-2020-12888 4.7
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
28-09-2020 - 16:15 15-05-2020 - 18:15
CVE-2020-12888 4.7
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
28-09-2020 - 16:15 15-05-2020 - 18:15
CVE-2020-1726 5.8
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with a
28-09-2020 - 15:15 11-02-2020 - 20:15
CVE-2019-14973 4.3
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application cras
28-09-2020 - 15:15 14-08-2019 - 06:15
CVE-2019-14973 4.3
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application cras
28-09-2020 - 15:15 14-08-2019 - 06:15
CVE-2020-1726 5.8
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with a
28-09-2020 - 15:15 11-02-2020 - 20:15
CVE-2018-19873 7.5
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
28-09-2020 - 09:15 26-12-2018 - 21:29
CVE-2018-19872 4.3
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
28-09-2020 - 09:15 21-03-2019 - 16:00
CVE-2018-19872 4.3
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
28-09-2020 - 09:15 21-03-2019 - 16:00
CVE-2018-19873 7.5
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
28-09-2020 - 09:15 26-12-2018 - 21:29
CVE-2020-1597 5.0
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
25-09-2020 - 20:15 17-08-2020 - 19:15
CVE-2020-1597 5.0
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
25-09-2020 - 20:15 17-08-2020 - 19:15
CVE-2020-12674 5.0
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
25-09-2020 - 19:15 12-08-2020 - 16:15
CVE-2020-16845 5.0
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
24-09-2020 - 12:15 06-08-2020 - 18:15
CVE-2020-16845 5.0
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
24-09-2020 - 12:15 06-08-2020 - 18:15
CVE-2020-6514 4.3
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
22-09-2020 - 09:15 22-07-2020 - 17:15
CVE-2020-15719 4.0
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openl
19-09-2020 - 18:15 14-07-2020 - 14:15
CVE-2018-5407 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
18-09-2020 - 16:58 15-11-2018 - 21:29
CVE-2018-16865 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remo
18-09-2020 - 16:49 11-01-2019 - 21:29
CVE-2018-16881 5.0
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
18-09-2020 - 16:40 25-01-2019 - 18:29
CVE-2019-15847 5.0
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operati
17-09-2020 - 13:38 02-09-2019 - 23:15
CVE-2019-17571 7.5
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic fo
16-09-2020 - 18:15 20-12-2019 - 17:15
CVE-2016-9401 2.1
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
14-09-2020 - 18:32 23-01-2017 - 21:59
CVE-2019-2684 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthen
11-09-2020 - 16:15 23-04-2019 - 19:32
CVE-2016-5011 4.9
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot reco
11-09-2020 - 15:22 11-04-2017 - 15:59
CVE-2018-11806 7.2
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
10-09-2020 - 17:15 13-06-2018 - 16:29
CVE-2020-10720 4.9
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
10-09-2020 - 14:46 03-09-2020 - 18:15
CVE-2018-14567 4.3
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-201
10-09-2020 - 01:15 16-08-2018 - 20:29
CVE-2013-6054 7.5
Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.
09-09-2020 - 19:56 12-12-2013 - 18:55
CVE-2012-3358 10.0
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in
09-09-2020 - 19:56 18-07-2012 - 23:55
CVE-2012-3535 6.8
Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.
09-09-2020 - 19:56 05-09-2012 - 23:55
CVE-2015-7512 6.8
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
09-09-2020 - 15:14 08-01-2016 - 21:59
CVE-2015-3209 7.5
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
09-09-2020 - 15:14 15-06-2015 - 15:59
CVE-2015-1779 7.8
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
09-09-2020 - 15:13 12-01-2016 - 19:59
CVE-2020-11501 5.8
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes
09-09-2020 - 15:10 03-04-2020 - 13:15
CVE-2018-1100 7.2
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
09-09-2020 - 14:55 11-04-2018 - 19:29
CVE-2018-1050 3.3
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls c
09-09-2020 - 14:53 13-03-2018 - 16:29
CVE-2020-2830 5.0
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthe
09-09-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-0549 2.1
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
09-09-2020 - 08:15 28-01-2020 - 01:15
CVE-2018-18751 7.5
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
08-09-2020 - 18:15 29-10-2018 - 12:29
CVE-2020-12825 5.8
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
08-09-2020 - 18:15 12-05-2020 - 18:15
CVE-2019-2698 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protoc
08-09-2020 - 13:00 23-04-2019 - 19:32
CVE-2019-2999 4.0
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul
08-09-2020 - 13:00 16-10-2019 - 18:15
CVE-2019-2422 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker
08-09-2020 - 13:00 16-01-2019 - 19:30
CVE-2018-3214 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulner
08-09-2020 - 13:00 17-10-2018 - 01:31
CVE-2015-4000 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
08-09-2020 - 13:00 21-05-2015 - 00:59
CVE-2014-4266 5.0
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
08-09-2020 - 13:00 17-07-2014 - 11:17
CVE-2014-6558 2.6
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
08-09-2020 - 13:00 15-10-2014 - 22:55
CVE-2014-4265 5.0
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. Per: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html "Applies to client
08-09-2020 - 13:00 17-07-2014 - 11:17
CVE-2014-2427 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. per: http://www.oracle.com/technetw
08-09-2020 - 13:00 16-04-2014 - 02:55
CVE-2014-2428 7.6
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
08-09-2020 - 13:00 16-04-2014 - 02:55
CVE-2015-0412 7.2
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. As per Oracle: Applies to client deployment of Java only. This vulnerabili
08-09-2020 - 13:00 21-01-2015 - 19:59
CVE-2014-0428 10.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is f
08-09-2020 - 13:00 15-01-2014 - 16:08
CVE-2015-0413 1.9
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. As per http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html: Applies to client deplo
08-09-2020 - 13:00 21-01-2015 - 19:59
CVE-2018-2952 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult t
08-09-2020 - 12:59 18-07-2018 - 13:29
CVE-2018-2815 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploi
08-09-2020 - 12:59 19-04-2018 - 02:29
CVE-2018-2973 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unau
08-09-2020 - 12:59 18-07-2018 - 13:29
CVE-2018-2678 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable
08-09-2020 - 12:59 18-01-2018 - 02:29
CVE-2018-2783 5.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit v
08-09-2020 - 12:59 19-04-2018 - 02:29
CVE-2017-3544 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit
08-09-2020 - 12:59 24-04-2017 - 19:59
CVE-2016-5597 4.3
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.
08-09-2020 - 12:59 25-10-2016 - 14:31
CVE-2016-3606 6.8
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
08-09-2020 - 12:59 21-07-2016 - 10:14
CVE-2016-3550 4.3
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.
08-09-2020 - 12:59 21-07-2016 - 10:13
CVE-2017-10388 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unau
08-09-2020 - 12:59 19-10-2017 - 17:29
CVE-2017-10243 6.4
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulne
08-09-2020 - 12:59 08-08-2017 - 15:29
CVE-2016-3610 9.3
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.
08-09-2020 - 12:30 21-07-2016 - 10:14
CVE-2015-4916 5.0
Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. Per <a href="http://www.oracle.com/technetwork/t
08-09-2020 - 12:30 22-10-2015 - 00:00
CVE-2016-3427 10.0
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
08-09-2020 - 12:30 21-04-2016 - 11:00
CVE-2015-4760 10.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Per Advisory: <a href="http://www.oracle.com/technetwork/topics/securit
08-09-2020 - 12:30 16-07-2015 - 11:00
CVE-2015-4911 5.0
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.
08-09-2020 - 12:30 22-10-2015 - 00:00
CVE-2016-3449 7.6
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
08-09-2020 - 12:30 21-04-2016 - 11:00
CVE-2016-0636 9.3
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
08-09-2020 - 12:30 24-03-2016 - 18:59
CVE-2016-0494 10.0
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2
08-09-2020 - 12:30 21-01-2016 - 03:00
CVE-2015-0488 5.0
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. Per Oracle: Applies to client and server deployment of JSSE. (http://www.oracl
08-09-2020 - 12:30 16-04-2015 - 16:59
CVE-2015-0491 10.0
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-04
08-09-2020 - 12:30 16-04-2015 - 16:59
CVE-2015-0437 9.3
Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
08-09-2020 - 12:30 21-01-2015 - 19:59
CVE-2015-0492 9.3
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. Per Oracle: Applies to cl
08-09-2020 - 12:30 16-04-2015 - 16:59
CVE-2019-2842 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to c
08-09-2020 - 12:29 23-07-2019 - 23:15
CVE-2018-3183 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerabil
08-09-2020 - 12:29 17-10-2018 - 01:31
CVE-2014-6562 9.3
Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
08-09-2020 - 12:29 15-10-2014 - 22:55
CVE-2020-11985 4.3
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in
03-09-2020 - 18:15 07-08-2020 - 16:15
CVE-2018-3639 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
02-09-2020 - 21:15 22-05-2018 - 12:29
CVE-2016-4455 2.1
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directo
02-09-2020 - 19:10 14-04-2017 - 18:59
CVE-2018-14622 5.0
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file de
31-08-2020 - 16:16 30-08-2018 - 13:29
CVE-2020-10699 7.2
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate
30-08-2020 - 23:15 15-04-2020 - 14:15
CVE-2020-13398 6.5
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
30-08-2020 - 02:15 22-05-2020 - 18:15
CVE-2009-0778 7.1
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of a
28-08-2020 - 16:06 12-03-2009 - 15:20
CVE-2012-0449 9.3
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
28-08-2020 - 13:14 01-02-2012 - 16:55
CVE-2012-0444 10.0
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corr
28-08-2020 - 13:12 01-02-2012 - 16:55
CVE-2012-0442 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corru
28-08-2020 - 13:11 01-02-2012 - 16:55
CVE-2009-2848 5.9
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone
28-08-2020 - 13:10 18-08-2009 - 21:00
CVE-2011-2716 6.8
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
27-08-2020 - 20:15 03-07-2012 - 16:40
CVE-2013-1813 7.2
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
27-08-2020 - 20:15 23-11-2013 - 11:55
CVE-2019-14822 3.6
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to inter
27-08-2020 - 15:15 25-11-2019 - 12:15
CVE-2019-20892 4.0
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream
27-08-2020 - 00:15 25-06-2020 - 10:15
CVE-2014-0181 2.1
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configura
26-08-2020 - 19:44 27-04-2014 - 00:55
CVE-2014-2038 2.1
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from ke
26-08-2020 - 13:34 28-02-2014 - 06:18
CVE-2009-0834 3.6
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass
26-08-2020 - 12:57 06-03-2009 - 11:30
CVE-2010-4526 7.1
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked b
25-08-2020 - 20:25 11-01-2011 - 03:00
CVE-2016-2775 4.3
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight reso
25-08-2020 - 20:18 19-07-2016 - 22:59
CVE-2014-2523 10.0
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that tri
25-08-2020 - 13:55 24-03-2014 - 16:40
CVE-2019-9824 2.1
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
24-08-2020 - 17:37 03-06-2019 - 21:29
CVE-2019-9143 6.8
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly h
24-08-2020 - 17:37 25-02-2019 - 15:29
CVE-2019-9813 6.8
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
24-08-2020 - 17:37 26-04-2019 - 17:29
CVE-2019-9854 6.8
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Script
24-08-2020 - 17:37 06-09-2019 - 19:15
CVE-2019-9210 6.8
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
24-08-2020 - 17:37 27-02-2019 - 14:29
CVE-2019-5489 2.1
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this af
24-08-2020 - 17:37 07-01-2019 - 17:29
CVE-2019-6778 4.6
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
24-08-2020 - 17:37 21-03-2019 - 16:01
CVE-2019-6133 4.4
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendin
24-08-2020 - 17:37 11-01-2019 - 14:29
CVE-2019-6116 6.8
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
24-08-2020 - 17:37 21-03-2019 - 16:01
CVE-2019-2455 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attac
24-08-2020 - 17:37 16-01-2019 - 19:30
CVE-2019-7665 4.3
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does n
24-08-2020 - 17:37 09-02-2019 - 16:29
CVE-2019-9636 5.0
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a
24-08-2020 - 17:37 08-03-2019 - 21:29
CVE-2018-8905 6.8
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
24-08-2020 - 17:37 22-03-2018 - 04:29
CVE-2018-19519 4.3
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
24-08-2020 - 17:37 25-11-2018 - 20:29
CVE-2018-5345 6.8
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
24-08-2020 - 17:37 12-01-2018 - 00:29
CVE-2018-19115 7.5
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimi
24-08-2020 - 17:37 08-11-2018 - 20:29
CVE-2019-9893 7.5
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
24-08-2020 - 17:37 21-03-2019 - 16:01
CVE-2019-2481 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged a
24-08-2020 - 17:37 16-01-2019 - 19:30
CVE-2019-8308 4.4
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
24-08-2020 - 17:37 12-02-2019 - 23:29
CVE-2018-7566 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
24-08-2020 - 17:37 30-03-2018 - 21:29
CVE-2018-6485 7.5
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to
24-08-2020 - 17:37 01-02-2018 - 14:29
CVE-2019-9956 6.8
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
24-08-2020 - 17:37 24-03-2019 - 00:29
CVE-2018-3646 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fau
24-08-2020 - 17:37 14-08-2018 - 19:29
CVE-2019-9948 6.4
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call
24-08-2020 - 17:37 23-03-2019 - 18:29
CVE-2019-5953 7.5
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
24-08-2020 - 17:37 17-05-2019 - 16:29
CVE-2019-6111 5.8
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned
24-08-2020 - 17:37 31-01-2019 - 18:29
CVE-2018-7418 5.0
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
24-08-2020 - 17:37 23-02-2018 - 22:29
CVE-2019-8324 6.8
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadabl
24-08-2020 - 17:37 17-06-2019 - 19:15
CVE-2019-2821 2.6
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to comp
24-08-2020 - 17:37 23-07-2019 - 23:15
CVE-2019-9811 5.1
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox <
24-08-2020 - 17:37 23-07-2019 - 14:15
CVE-2019-1559 4.3
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid
24-08-2020 - 17:37 27-02-2019 - 23:29
CVE-2018-14682 6.8
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
24-08-2020 - 17:37 28-07-2018 - 23:29
CVE-2019-12450 7.5
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
24-08-2020 - 17:37 29-05-2019 - 17:29
CVE-2018-15473 5.0
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-
24-08-2020 - 17:37 17-08-2018 - 19:29
CVE-2019-14513 5.0
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.
24-08-2020 - 17:37 01-08-2019 - 21:15
CVE-2019-14809 7.5
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is relate
24-08-2020 - 17:37 13-08-2019 - 21:15
CVE-2018-18498 7.5
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird
24-08-2020 - 17:37 28-02-2019 - 18:29
CVE-2018-18311 7.5
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
24-08-2020 - 17:37 07-12-2018 - 21:29
CVE-2019-13313 2.1
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
24-08-2020 - 17:37 05-07-2019 - 14:15
CVE-2019-12749 3.6
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference
24-08-2020 - 17:37 11-06-2019 - 17:29
CVE-2019-14378 6.5
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
24-08-2020 - 17:37 29-07-2019 - 11:15
CVE-2019-1301 5.0
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
24-08-2020 - 17:37 11-09-2019 - 22:15
CVE-2019-14744 5.1
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated
24-08-2020 - 17:37 07-08-2019 - 15:15
CVE-2019-13272 7.2
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with
24-08-2020 - 17:37 17-07-2019 - 13:15
CVE-2018-17456 7.5
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has
24-08-2020 - 17:37 06-10-2018 - 14:29
CVE-2019-12387 4.3
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
24-08-2020 - 17:37 10-06-2019 - 12:29
CVE-2019-16056 5.0
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and imple
24-08-2020 - 17:37 06-09-2019 - 18:15
CVE-2019-15718 2.1
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivile
24-08-2020 - 17:37 04-09-2019 - 12:15
CVE-2018-16542 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
24-08-2020 - 17:37 05-09-2018 - 18:29
CVE-2019-14287 9.0
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !r
24-08-2020 - 17:37 17-10-2019 - 18:15
CVE-2019-1387 6.8
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names
24-08-2020 - 17:37 18-12-2019 - 21:15
CVE-2018-13139 6.8
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be trigger
24-08-2020 - 17:37 04-07-2018 - 14:29
CVE-2019-12527 6.8
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leadin
24-08-2020 - 17:37 11-07-2019 - 19:15
CVE-2019-12312 5.0
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expecte
24-08-2020 - 17:37 24-05-2019 - 14:29
CVE-2019-11135 2.1
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
24-08-2020 - 17:37 14-11-2019 - 19:15
CVE-2018-12404 4.3
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS
24-08-2020 - 17:37 02-05-2019 - 17:29
CVE-2018-12327 7.5
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whet
24-08-2020 - 17:37 20-06-2018 - 14:29
CVE-2018-12384 4.3
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.3
24-08-2020 - 17:37 29-04-2019 - 15:29
CVE-2019-10906 5.0
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
24-08-2020 - 17:37 07-04-2019 - 00:29
CVE-2018-12393 5.0
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bou
24-08-2020 - 17:37 28-02-2019 - 18:29
CVE-2017-15906 5.0
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
24-08-2020 - 17:37 26-10-2017 - 03:29
CVE-2019-11091 4.7
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
24-08-2020 - 17:37 30-05-2019 - 16:29
CVE-2018-12085 6.8
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
24-08-2020 - 17:37 09-06-2018 - 11:29
CVE-2019-11810 7.8
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a
24-08-2020 - 17:37 07-05-2019 - 14:29
CVE-2018-12015 6.4
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
24-08-2020 - 17:37 07-06-2018 - 13:29
CVE-2018-1000116 7.5
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
24-08-2020 - 17:37 07-03-2018 - 14:29
CVE-2019-1010238 7.5
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condit
24-08-2020 - 17:37 19-07-2019 - 17:15
CVE-2018-1000140 7.5
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to
24-08-2020 - 17:37 23-03-2018 - 21:29
CVE-2019-0161 2.1
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
24-08-2020 - 17:37 27-03-2019 - 20:29
CVE-2019-0816 1.9
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
24-08-2020 - 17:37 09-04-2019 - 03:29
CVE-2019-0804 4.0
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.
24-08-2020 - 17:37 09-04-2019 - 03:29
CVE-2019-0220 5.0
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions
24-08-2020 - 17:37 11-06-2019 - 21:29
CVE-2019-1000020 4.3
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, rea
24-08-2020 - 17:37 04-02-2019 - 21:29
CVE-2019-0215 6.0
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
24-08-2020 - 17:37 08-04-2019 - 20:29
CVE-2018-0739 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
24-08-2020 - 17:37 27-03-2018 - 21:29
CVE-2011-4028 1.2
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
24-08-2020 - 17:14 03-07-2012 - 19:55
CVE-2011-4029 1.9
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack
24-08-2020 - 17:14 03-07-2012 - 19:55
CVE-2013-6424 5.0
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
24-08-2020 - 16:52 18-01-2014 - 19:55
CVE-2020-10188 10.0
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
24-08-2020 - 11:15 06-03-2020 - 15:15
CVE-2019-10160 5.0
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by
22-08-2020 - 17:15 07-06-2019 - 18:29
CVE-2014-1738 2.1
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from
21-08-2020 - 18:29 11-05-2014 - 21:55
CVE-2020-15780 7.2
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
21-08-2020 - 06:15 15-07-2020 - 22:15
CVE-2020-1147 6.8
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execut
20-08-2020 - 15:15 14-07-2020 - 23:15
CVE-2014-0196 6.9
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or
19-08-2020 - 19:40 07-05-2014 - 10:55
CVE-2014-3145 4.9
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read
19-08-2020 - 19:20 11-05-2014 - 21:55
CVE-2019-8325 5.0
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
19-08-2020 - 19:01 17-06-2019 - 19:15
CVE-2019-17596 5.0
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
18-08-2020 - 15:05 24-10-2019 - 22:15
CVE-2019-15239 7.2
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue tha
18-08-2020 - 15:05 20-08-2019 - 08:15
CVE-2019-11043 7.5
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the p
18-08-2020 - 15:05 28-10-2019 - 15:15
CVE-2020-1720 3.5
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et
17-08-2020 - 19:15 17-03-2020 - 16:15
CVE-2018-10915 6.0
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untru
17-08-2020 - 19:15 09-08-2018 - 20:29
CVE-2016-8864 5.0
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive
17-08-2020 - 17:44 02-11-2016 - 17:59
CVE-2012-0698 5.0
tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.
17-08-2020 - 15:55 26-11-2012 - 12:45
CVE-2014-9322 7.2
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access t
14-08-2020 - 18:23 17-12-2014 - 11:59
CVE-2014-4943 6.9
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
14-08-2020 - 18:09 19-07-2014 - 19:55
CVE-2012-4193 6.8
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, w
14-08-2020 - 18:07 12-10-2012 - 10:44
CVE-2014-4667 5.0
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
14-08-2020 - 18:02 03-07-2014 - 04:22
CVE-2010-4343 4.7
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. Per: http://cwe.m
14-08-2020 - 16:35 29-12-2010 - 18:00
CVE-2010-2524 4.6
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local user
14-08-2020 - 15:59 08-09-2010 - 20:00
CVE-2010-2249 4.3
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
14-08-2020 - 15:51 30-06-2010 - 18:30
CVE-2008-3275 4.9
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denia
14-08-2020 - 15:36 12-08-2008 - 23:41
CVE-2008-2812 7.2
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) ha
14-08-2020 - 15:35 09-07-2008 - 00:41
CVE-2010-3904 7.2
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privile
14-08-2020 - 15:24 06-12-2010 - 20:13
CVE-2010-4249 4.9
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via
14-08-2020 - 15:20 29-11-2010 - 16:00
CVE-2010-3698 4.9
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local D
14-08-2020 - 15:12 26-11-2010 - 19:00
CVE-2010-3477 2.1
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to o
14-08-2020 - 14:03 21-09-2010 - 20:00
CVE-2009-3612 2.1
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensit
14-08-2020 - 13:46 19-10-2009 - 20:00
CVE-2014-8369 4.6
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or p
13-08-2020 - 19:37 10-11-2014 - 11:55
CVE-2014-3646 4.7
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
13-08-2020 - 19:34 10-11-2014 - 11:55
CVE-2012-4188 9.3
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary
13-08-2020 - 19:29 10-10-2012 - 17:55
CVE-2014-5077 7.1
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an assoc
13-08-2020 - 16:27 01-08-2014 - 11:13
CVE-2010-4248 4.9
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers
13-08-2020 - 13:13 30-11-2010 - 21:38
CVE-2010-4668 4.7
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: th
12-08-2020 - 19:37 03-01-2011 - 20:00
CVE-2014-3611 4.7
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
12-08-2020 - 17:50 10-11-2014 - 11:55
CVE-2012-4196 6.4
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a pro
12-08-2020 - 17:45 29-10-2012 - 18:55
CVE-2011-1083 4.9
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create a
12-08-2020 - 16:46 04-04-2011 - 12:27
CVE-2010-4243 4.9
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a cr
12-08-2020 - 16:23 22-01-2011 - 22:00
CVE-2009-3547 6.9
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna
12-08-2020 - 15:44 04-11-2009 - 15:30
CVE-2009-3621 4.9
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing
12-08-2020 - 15:21 22-10-2009 - 16:00
CVE-2013-6671 10.0
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordere
12-08-2020 - 14:39 11-12-2013 - 15:55
CVE-2011-0521 7.2
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unsp
12-08-2020 - 14:39 02-02-2011 - 23:00
CVE-2020-8597 7.5
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
11-08-2020 - 19:15 03-02-2020 - 23:15
CVE-2006-1174 3.7
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and poss
11-08-2020 - 17:09 28-05-2006 - 23:02
CVE-2014-3615 2.1
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
11-08-2020 - 15:49 01-11-2014 - 23:55
CVE-2012-6075 9.3
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly ex
11-08-2020 - 15:21 13-02-2013 - 01:55
CVE-2013-4344 7.2
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
11-08-2020 - 15:21 04-10-2013 - 17:55
CVE-2012-3515 7.2
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device mode
11-08-2020 - 15:21 23-11-2012 - 20:55
CVE-2010-3081 7.2
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to
11-08-2020 - 14:43 24-09-2010 - 20:00
CVE-2014-1487 5.0
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information v
11-08-2020 - 13:38 06-02-2014 - 05:44
CVE-2013-0769 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey be
11-08-2020 - 13:09 13-01-2013 - 20:55
CVE-2010-3442 4.7
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a
10-08-2020 - 15:50 04-10-2010 - 21:00
CVE-2020-15707 4.4
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffe
08-08-2020 - 18:15 29-07-2020 - 18:15
CVE-2018-1000852 6.4
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server c
07-08-2020 - 17:31 20-12-2018 - 15:29
CVE-2010-0727 4.9
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute
07-08-2020 - 15:13 16-03-2010 - 19:30
CVE-2020-13692 6.8
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
07-08-2020 - 03:15 04-06-2020 - 16:15
CVE-2019-13734 6.8
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
06-08-2020 - 19:15 10-12-2019 - 22:15
CVE-2010-3881 2.1
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.
06-08-2020 - 19:10 23-12-2010 - 18:00
CVE-2014-1532 7.5
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute a
06-08-2020 - 17:57 30-04-2014 - 10:49
CVE-2013-0783 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a deni
06-08-2020 - 17:24 19-02-2013 - 23:55
CVE-2012-5842 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a deni
06-08-2020 - 16:47 21-11-2012 - 12:55
CVE-2011-2692 6.8
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory
06-08-2020 - 15:53 17-07-2011 - 20:55
CVE-2014-1514 7.5
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to ex
05-08-2020 - 14:00 19-03-2014 - 10:55
CVE-2010-4805 7.8
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to
04-08-2020 - 17:52 26-05-2011 - 16:55
CVE-2011-1573 4.3
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attacke
04-08-2020 - 17:50 02-02-2012 - 04:09
CVE-2011-2525 7.2
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL poin
04-08-2020 - 15:13 02-02-2012 - 04:09
CVE-2011-3193 9.3
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a craft
04-08-2020 - 13:20 16-06-2012 - 00:55
CVE-2011-1478 5.7
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of servic
03-08-2020 - 15:00 23-10-2011 - 10:55
CVE-2011-2723 5.7
The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of servic
31-07-2020 - 21:34 06-09-2011 - 15:55
CVE-2018-14498 4.3
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is o
31-07-2020 - 21:15 07-03-2019 - 23:29
CVE-2011-2695 4.9
Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number c
31-07-2020 - 19:59 28-07-2011 - 22:55
CVE-2011-2689 4.9
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arra
31-07-2020 - 19:53 28-07-2011 - 22:55
CVE-2011-2492 1.9
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to
31-07-2020 - 19:46 28-07-2011 - 22:55
CVE-2012-1798 4.3
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
31-07-2020 - 18:43 05-06-2012 - 22:55
CVE-2012-0260 4.3
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
31-07-2020 - 18:42 05-06-2012 - 22:55
CVE-2010-4577 5.0
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS
31-07-2020 - 18:39 22-12-2010 - 01:00
CVE-2010-4203 10.0
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
31-07-2020 - 18:24 06-11-2010 - 00:00
CVE-2018-13347 7.5
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
31-07-2020 - 13:15 06-07-2018 - 00:29
CVE-2012-3552 7.1
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of n
31-07-2020 - 11:33 03-10-2012 - 11:02
CVE-2011-2918 4.9
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
31-07-2020 - 10:19 24-05-2012 - 23:55
CVE-2012-0207 7.8
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
30-07-2020 - 19:39 17-05-2012 - 11:00
CVE-2019-20479 5.8
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
30-07-2020 - 00:15 20-02-2020 - 06:15
CVE-2020-10711 4.3
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the
29-07-2020 - 19:15 22-05-2020 - 15:15
CVE-2011-1581 9.0
The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue
29-07-2020 - 16:26 26-05-2011 - 16:55
CVE-2017-6519 6.4
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leaka
29-07-2020 - 12:15 01-05-2017 - 01:59
CVE-2014-0160 5.0
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer ov
28-07-2020 - 17:11 07-04-2014 - 22:55
CVE-2014-0224 5.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
28-07-2020 - 16:40 05-06-2014 - 21:55
CVE-2011-4326 7.1
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv
28-07-2020 - 12:59 17-05-2012 - 11:00
CVE-2011-4621 4.9
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
27-07-2020 - 23:15 17-05-2012 - 11:00
CVE-2012-1097 7.2
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other
27-07-2020 - 20:14 17-05-2012 - 11:00
CVE-2011-1771 4.4
The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to
27-07-2020 - 20:13 06-09-2011 - 16:55
CVE-2011-2479 4.9
The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
27-07-2020 - 19:56 01-03-2013 - 12:37
CVE-2019-9755 4.4
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash
27-07-2020 - 03:15 05-06-2019 - 15:29
CVE-2019-17451 4.3
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
27-07-2020 - 03:15 10-10-2019 - 17:15
CVE-2019-17626 7.5
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
27-07-2020 - 03:15 16-10-2019 - 12:15
CVE-2020-12049 4.9
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or a
27-07-2020 - 03:15 08-06-2020 - 17:15
CVE-2020-1763 5.0
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The
27-07-2020 - 02:15 12-05-2020 - 14:15
CVE-2020-13817 5.8
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated
27-07-2020 - 02:15 04-06-2020 - 13:15
CVE-2019-11498 4.3
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file
27-07-2020 - 02:15 24-04-2019 - 05:29
CVE-2020-12421 4.3
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the u
27-07-2020 - 02:15 09-07-2020 - 15:15
CVE-2020-10109 7.5
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipel
27-07-2020 - 02:15 12-03-2020 - 13:15
CVE-2020-13112 6.4
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
27-07-2020 - 01:15 21-05-2020 - 16:15
CVE-2020-11524 6.0
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
27-07-2020 - 00:15 15-05-2020 - 17:15
CVE-2020-1983 2.1
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
26-07-2020 - 14:15 22-04-2020 - 20:15
CVE-2017-18922 7.5
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overf
24-07-2020 - 18:15 30-06-2020 - 11:15
CVE-2020-6831 7.5
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
23-07-2020 - 19:37 26-05-2020 - 18:15
CVE-2019-9631 7.5
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
23-07-2020 - 12:15 08-03-2019 - 05:29
CVE-2020-12410 9.3
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T
22-07-2020 - 16:15 09-07-2020 - 15:15
CVE-2019-19338 2.1
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a hos
21-07-2020 - 17:17 13-07-2020 - 17:15
CVE-2020-7039 6.8
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute
17-07-2020 - 17:19 16-01-2020 - 23:15
CVE-2019-20788 7.5
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
15-07-2020 - 19:15 23-04-2020 - 19:15
CVE-2018-3665 4.7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
15-07-2020 - 03:15 21-06-2018 - 20:29
CVE-2020-8112 6.8
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
15-07-2020 - 03:15 28-01-2020 - 18:15
CVE-2020-6851 5.0
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
15-07-2020 - 03:15 13-01-2020 - 06:15
CVE-2019-8457 7.5
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
15-07-2020 - 03:15 30-05-2019 - 16:29
CVE-2016-6814 7.5
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f
15-07-2020 - 03:15 18-01-2018 - 18:29
CVE-2015-7501 10.0
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x
15-07-2020 - 03:15 09-11-2017 - 17:29
CVE-2019-10193 6.5
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perfo
15-07-2020 - 03:15 11-07-2019 - 19:15
CVE-2019-13345 4.3
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
11-07-2020 - 00:15 05-07-2019 - 16:15
CVE-2020-11945 7.5
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a s
11-07-2020 - 00:15 23-04-2020 - 15:15
CVE-2020-5312 7.5
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
10-07-2020 - 17:09 03-01-2020 - 01:15
CVE-2019-14907 2.6
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such st
10-07-2020 - 15:09 21-01-2020 - 18:15
CVE-2019-19126 2.1
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping ad
09-07-2020 - 20:15 19-11-2019 - 22:15
CVE-2020-12663 5.0
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
08-07-2020 - 23:15 19-05-2020 - 14:15
CVE-2020-7066 4.3
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make in
08-07-2020 - 12:15 01-04-2020 - 04:15
CVE-2016-0764 2.1
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensiti
01-07-2020 - 14:13 17-07-2017 - 13:18
CVE-2019-18934 6.8
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ips
30-06-2020 - 00:15 19-11-2019 - 18:15
CVE-2018-6541 4.3
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service
28-06-2020 - 15:15 02-02-2018 - 09:29
CVE-2020-10754 4.0
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happe
23-06-2020 - 17:44 08-06-2020 - 18:15
CVE-2020-13777 5.8
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-
19-06-2020 - 11:15 04-06-2020 - 07:15
CVE-2015-7704 5.0
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
18-06-2020 - 17:12 07-08-2017 - 20:29
CVE-2020-12654 4.3
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
16-06-2020 - 20:15 05-05-2020 - 05:15
CVE-2019-13232 2.1
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
16-06-2020 - 18:25 04-07-2019 - 13:15
CVE-2020-12657 4.6
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.
13-06-2020 - 09:15 05-05-2020 - 07:15
CVE-2019-20044 7.2
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload wit
11-06-2020 - 16:15 24-02-2020 - 14:15
CVE-2020-2732 2.3
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that shou
10-06-2020 - 20:15 08-04-2020 - 22:15
CVE-2020-1108 5.0
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
05-06-2020 - 19:53 21-05-2020 - 23:15
CVE-2011-1202 4.3
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an
04-06-2020 - 14:16 11-03-2011 - 02:01
CVE-2017-1000251 7.7
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remot
03-06-2020 - 19:00 12-09-2017 - 17:29
CVE-2015-3405 5.0
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remot
28-05-2020 - 14:08 09-08-2017 - 16:29
CVE-2020-10957 5.0
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
28-05-2020 - 04:15 18-05-2020 - 14:15
CVE-2011-2192 4.3
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSS
27-05-2020 - 20:42 07-07-2011 - 21:55
CVE-2020-1161 5.0
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
27-05-2020 - 18:54 21-05-2020 - 23:15
CVE-2012-3411 5.0
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
27-05-2020 - 18:18 05-03-2013 - 21:38
CVE-2019-11596 5.0
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
26-05-2020 - 16:15 29-04-2019 - 15:29
CVE-2020-11008 5.0
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open fo
22-05-2020 - 19:15 21-04-2020 - 19:15
CVE-2009-2474 5.8
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi
22-05-2020 - 15:32 21-08-2009 - 17:30
CVE-2018-14355 5.0
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
20-05-2020 - 01:19 17-07-2018 - 17:29
CVE-2018-14362 7.5
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
19-05-2020 - 17:19 17-07-2018 - 17:29
CVE-2019-5544 7.5
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
15-05-2020 - 00:15 06-12-2019 - 16:15
CVE-2017-17833 7.5
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
15-05-2020 - 00:15 23-04-2018 - 18:29
CVE-2016-3710 7.2
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port
14-05-2020 - 15:43 11-05-2016 - 21:59
CVE-2016-3712 2.1
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. CWE-190: Integer Overflow or Wraparound
14-05-2020 - 15:35 11-05-2016 - 21:59
CVE-2018-7550 4.6
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or
14-05-2020 - 14:37 01-03-2018 - 17:29
CVE-2018-5683 2.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
14-05-2020 - 14:14 23-01-2018 - 18:29
CVE-2016-5403 4.9
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
14-05-2020 - 14:05 02-08-2016 - 16:59
CVE-2020-12268 7.5
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
11-05-2020 - 21:15 27-04-2020 - 02:15
CVE-2011-2834 6.8
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
08-05-2020 - 18:12 19-09-2011 - 12:02
CVE-2011-3919 7.5
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
07-05-2020 - 19:05 07-01-2012 - 11:55
CVE-2011-3922 7.5
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.
07-05-2020 - 18:43 07-01-2012 - 11:55
CVE-2018-13796 4.3
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
06-05-2020 - 20:15 12-07-2018 - 18:29
CVE-2020-5260 5.0
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from se
06-05-2020 - 19:15 14-04-2020 - 23:15
CVE-2019-11811 6.9
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and
06-05-2020 - 15:14 07-05-2019 - 14:29
CVE-2018-1116 3.6
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other
05-05-2020 - 16:05 10-07-2018 - 19:29
CVE-2020-2930 3.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple prot
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2922 4.3
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with ne
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2017-5715 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
05-05-2020 - 11:31 04-01-2018 - 13:29
CVE-2018-11235 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
02-05-2020 - 00:15 30-05-2018 - 04:29
CVE-2020-6825 7.5
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of t
01-05-2020 - 16:07 24-04-2020 - 16:15
CVE-2020-6820 6.8
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR
01-05-2020 - 13:47 24-04-2020 - 16:15
CVE-2020-6814 7.5
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This
22-04-2020 - 20:15 25-03-2020 - 22:15
CVE-2011-3026 6.8
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
16-04-2020 - 16:37 16-02-2012 - 20:55
CVE-2018-1336 5.0
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and
15-04-2020 - 21:15 02-08-2018 - 14:29
CVE-2011-3045 6.8
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly exe
14-04-2020 - 16:06 22-03-2012 - 16:55
CVE-2018-19208 4.3
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
14-04-2020 - 15:27 12-11-2018 - 19:29
CVE-2020-1712 4.6
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially
10-04-2020 - 15:42 31-03-2020 - 17:15
CVE-2020-11100 6.5
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
04-04-2020 - 15:15 02-04-2020 - 15:15
CVE-2019-19330 7.5
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
01-04-2020 - 21:15 27-11-2019 - 16:15
CVE-2012-3954 3.3
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
01-04-2020 - 13:59 25-07-2012 - 10:42
CVE-2012-3571 6.1
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
01-04-2020 - 13:58 25-07-2012 - 10:42
CVE-2020-10696 9.3
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user
01-04-2020 - 13:18 31-03-2020 - 22:15
CVE-2011-4539 5.0
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
01-04-2020 - 13:09 08-12-2011 - 11:55
CVE-2011-2749 7.8
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
01-04-2020 - 13:08 15-08-2011 - 21:55
CVE-2011-0997 7.5
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstra
01-04-2020 - 13:07 08-04-2011 - 15:17
CVE-2011-0413 7.8
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 fo
01-04-2020 - 12:55 31-01-2011 - 21:00
CVE-2014-5119 7.5
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment vari
31-03-2020 - 15:32 29-08-2014 - 16:55
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
24-03-2020 - 18:19 08-07-2008 - 23:41
CVE-2019-3696 4.4
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module f
24-03-2020 - 14:00 03-03-2020 - 11:15
CVE-2018-12121 5.0
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of
20-03-2020 - 21:15 28-11-2018 - 17:29
CVE-2020-10531 6.8
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
20-03-2020 - 04:15 12-03-2020 - 19:15
CVE-2020-2601 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unau
19-03-2020 - 16:05 15-01-2020 - 17:15
CVE-2020-2659 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated at
19-03-2020 - 15:41 15-01-2020 - 17:15
CVE-2019-13456 2.9
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the pa
18-03-2020 - 21:15 03-12-2019 - 20:15
CVE-2019-8822 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing malici
15-03-2020 - 07:15 18-12-2019 - 18:15
CVE-2019-8768 5.0
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.
15-03-2020 - 07:15 18-12-2019 - 18:15
CVE-2019-11764 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run ar
14-03-2020 - 19:15 08-01-2020 - 21:15
CVE-2016-1000111 5.0
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote
13-03-2020 - 20:04 11-03-2020 - 20:15
CVE-2019-17026 6.8
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, an
12-03-2020 - 21:15 02-03-2020 - 05:15
CVE-2020-6800 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to
12-03-2020 - 00:15 02-03-2020 - 05:15
CVE-2019-15605 7.5
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
11-03-2020 - 22:25 07-02-2020 - 15:15
CVE-2018-1311 6.8
The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disabl
11-03-2020 - 22:20 18-12-2019 - 20:15
CVE-2019-19527 7.2
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
02-03-2020 - 20:15 03-12-2019 - 16:15
CVE-2015-8710 7.5
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed H
26-02-2020 - 19:19 11-04-2016 - 21:59
CVE-2010-1450 7.5
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expan
18-02-2020 - 19:41 27-05-2010 - 19:30
CVE-2020-5313 5.8
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
18-02-2020 - 16:15 03-01-2020 - 01:15
CVE-2016-5195 7.2
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in Oc
17-02-2020 - 16:15 10-11-2016 - 21:59
CVE-2014-4607 6.8
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
14-02-2020 - 15:26 12-02-2020 - 14:15
CVE-2018-7159 5.0
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Conte
13-02-2020 - 15:55 17-05-2018 - 14:29
CVE-2013-4166 5.0
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encry
10-02-2020 - 18:47 06-02-2020 - 15:15
CVE-2020-5208 6.5
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especial
09-02-2020 - 20:15 05-02-2020 - 14:15
CVE-2012-6686 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4357. Reason: This candidate is a duplicate of CVE-2013-4357. Notes: All CVE users should reference CVE-2013-4357 instead of this candidate. All references and descriptions in this c
07-02-2020 - 21:15 07-02-2020 - 21:15
CVE-2019-18634 4.6
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upst
07-02-2020 - 17:15 29-01-2020 - 18:15
CVE-2017-9462 9.0
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
05-02-2020 - 18:32 06-06-2017 - 21:29
CVE-2019-14867 6.8
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data.
05-02-2020 - 00:15 27-11-2019 - 09:15
CVE-2015-0244 7.5
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafte
31-01-2020 - 20:18 27-01-2020 - 16:15
CVE-2015-0294 5.0
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
31-01-2020 - 15:24 27-01-2020 - 16:15
CVE-2019-19232 5.0
** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this
30-01-2020 - 16:15 19-12-2019 - 21:15
CVE-2020-7053 4.6
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is relate
30-01-2020 - 16:15 14-01-2020 - 21:15
CVE-2019-0155 7.2
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G390
30-01-2020 - 11:15 14-11-2019 - 19:15
CVE-2019-9500 7.9
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an h
29-01-2020 - 15:19 16-01-2020 - 21:15
CVE-2019-9503 7.9
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will c
29-01-2020 - 15:17 16-01-2020 - 21:15
CVE-2019-18660 1.9
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.
28-01-2020 - 19:47 27-11-2019 - 23:15
CVE-2020-2655 5.8
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to comprom
28-01-2020 - 13:15 15-01-2020 - 17:15
CVE-2011-1072 3.3
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnera
23-01-2020 - 14:33 03-03-2011 - 01:00
CVE-2020-5395 6.8
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
22-01-2020 - 01:15 03-01-2020 - 20:15
CVE-2017-7562 4.0
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary prin
21-01-2020 - 16:48 26-07-2018 - 15:29
CVE-2014-7844 7.2
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
21-01-2020 - 16:05 14-01-2020 - 17:15
CVE-2018-5730 5.5
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string w
21-01-2020 - 15:47 06-03-2018 - 20:29
CVE-2015-8631 6.8
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL pr
21-01-2020 - 15:47 13-02-2016 - 02:59
CVE-2016-3120 4.0
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows r
21-01-2020 - 15:47 01-08-2016 - 02:59
CVE-2010-1321 6.8
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allo
21-01-2020 - 15:47 19-05-2010 - 18:30
CVE-2009-0846 10.0
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code
21-01-2020 - 15:47 09-04-2009 - 00:30
CVE-2014-9423 5.0
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attacker
21-01-2020 - 15:46 19-02-2015 - 11:59
CVE-2014-9422 6.1
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obta
21-01-2020 - 15:46 19-02-2015 - 11:59
CVE-2014-4344 7.8
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)
21-01-2020 - 15:46 14-08-2014 - 05:01
CVE-2014-4345 8.5
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authe
21-01-2020 - 15:46 14-08-2014 - 05:01
CVE-2010-4020 3.5
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the smal
21-01-2020 - 15:46 02-12-2010 - 16:22
CVE-2013-1416 4.0
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of s
21-01-2020 - 15:46 19-04-2013 - 11:44
CVE-2010-1322 6.5
The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of s
21-01-2020 - 15:46 07-10-2010 - 21:00
CVE-2011-1529 7.8
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of servic
21-01-2020 - 15:46 20-10-2011 - 21:55
CVE-2013-1415 7.1
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors
21-01-2020 - 15:46 05-03-2013 - 05:05
CVE-2010-1323 2.6
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distrib
21-01-2020 - 15:46 02-12-2010 - 16:22
CVE-2015-2694 5.8
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1
21-01-2020 - 15:46 25-05-2015 - 19:59
CVE-2011-0285 10.0
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service
21-01-2020 - 15:46 15-04-2011 - 00:55
CVE-2012-1015 9.3
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for
21-01-2020 - 15:46 06-08-2012 - 16:55
CVE-2011-0282 5.0
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted princi
21-01-2020 - 15:46 10-02-2011 - 18:00
CVE-2011-0284 7.6
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (dae
21-01-2020 - 15:46 20-03-2011 - 02:00
CVE-2007-4743 10.0
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check th
21-01-2020 - 15:45 06-09-2007 - 22:17
CVE-2009-4212 10.0
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly
21-01-2020 - 15:45 13-01-2010 - 19:30
CVE-2007-4000 8.5
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow
21-01-2020 - 15:45 05-09-2007 - 10:17
CVE-2006-3083 7.2
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain pr
21-01-2020 - 15:45 09-08-2006 - 10:04
CVE-2007-2798 7.4
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
21-01-2020 - 15:45 26-06-2007 - 22:30
CVE-2007-3999 10.0
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third
21-01-2020 - 15:45 05-09-2007 - 10:17
CVE-2008-0947 10.0
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
21-01-2020 - 15:45 19-03-2008 - 00:44
CVE-2010-0629 4.0
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an inva
21-01-2020 - 15:45 07-04-2010 - 15:30
CVE-2020-0603 9.3
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.N
17-01-2020 - 19:22 14-01-2020 - 23:15
CVE-2019-17012 6.8
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T
16-01-2020 - 19:15 08-01-2020 - 22:15
CVE-2014-3596 5.8
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to
15-01-2020 - 20:15 27-08-2014 - 00:55
CVE-2019-9812 5.8
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that di
13-01-2020 - 19:51 08-01-2020 - 22:15
CVE-2011-3585 1.9
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
10-01-2020 - 17:53 31-12-2019 - 20:15
CVE-2014-5118 2.1
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
10-01-2020 - 14:15 18-11-2019 - 23:15
CVE-2018-5733 5.0
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4
09-01-2020 - 21:08 16-01-2019 - 20:29
CVE-2017-3144 5.0
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older ve
09-01-2020 - 21:07 16-01-2019 - 20:29
CVE-2014-8182 4.3
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
09-01-2020 - 16:39 02-01-2020 - 23:15
CVE-2016-2774 7.1
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establis
08-01-2020 - 17:17 09-03-2016 - 15:59
CVE-2012-3955 7.1
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later red
08-01-2020 - 17:16 14-09-2012 - 10:33
CVE-2019-14896 10.0
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join
03-01-2020 - 11:15 27-11-2019 - 09:15
CVE-2016-6198 4.9
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related t
27-12-2019 - 16:08 06-08-2016 - 20:59
CVE-2016-5444 4.3
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related
27-12-2019 - 16:08 21-07-2016 - 10:14
CVE-2016-5387 5.1
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app
27-12-2019 - 16:08 19-07-2016 - 02:00
CVE-2016-5386 6.8
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi
27-12-2019 - 16:08 19-07-2016 - 02:00
CVE-2016-5408 7.5
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerabil
27-12-2019 - 16:08 10-08-2016 - 14:59
CVE-2016-7166 4.3
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
27-12-2019 - 16:08 21-09-2016 - 14:25
CVE-2015-8000 5.0
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
27-12-2019 - 16:08 16-12-2015 - 15:59
CVE-2016-5404 4.0
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
27-12-2019 - 16:08 07-09-2016 - 20:59
CVE-2016-5385 5.1
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attacker
27-12-2019 - 16:08 19-07-2016 - 02:00
CVE-2016-4556 5.0
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. <a href="http://cwe.mitre.org/data/definitions/415.html">
27-12-2019 - 16:08 10-05-2016 - 19:59
CVE-2016-5265 4.0
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML docu
27-12-2019 - 16:08 05-08-2016 - 01:59
CVE-2015-6248 4.3
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application cras
27-12-2019 - 16:08 24-08-2015 - 23:59
CVE-2016-4470 4.9
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a craft
27-12-2019 - 16:08 27-06-2016 - 10:59
CVE-2016-2802 6.8
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have
27-12-2019 - 16:08 13-03-2016 - 18:59
CVE-2016-1714 6.9
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-o
27-12-2019 - 16:08 07-04-2016 - 19:59
CVE-2015-3455 2.6
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle atta
27-12-2019 - 16:08 18-05-2015 - 15:59
CVE-2015-4879 4.6
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
27-12-2019 - 16:08 21-10-2015 - 23:59
CVE-2015-4643 7.5
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ov
27-12-2019 - 16:08 16-05-2016 - 10:59
CVE-2016-1950 6.8
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via
27-12-2019 - 16:08 13-03-2016 - 18:59
CVE-2016-1935 9.3
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
27-12-2019 - 16:08 31-01-2016 - 18:59
CVE-2016-2776 7.8
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted
27-12-2019 - 16:08 28-09-2016 - 10:59
CVE-2015-1819 5.0
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
27-12-2019 - 16:08 14-08-2015 - 18:59
CVE-2016-0778 4.6
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows r
27-12-2019 - 16:08 14-01-2016 - 22:59
CVE-2019-19334 7.5
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this fl
18-12-2019 - 18:15 06-12-2019 - 16:15
CVE-2018-5743 4.3
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the co
18-12-2019 - 18:15 09-10-2019 - 16:15
CVE-2019-18397 6.8
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user
18-12-2019 - 04:15 13-11-2019 - 14:15
CVE-2010-1850 6.0
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
17-12-2019 - 20:26 08-06-2010 - 00:30
CVE-2009-2446 8.5
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other
17-12-2019 - 20:26 13-07-2009 - 17:30
CVE-2012-0490 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
17-12-2019 - 20:26 18-01-2012 - 22:55
CVE-2013-3808 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
17-12-2019 - 20:23 17-07-2013 - 13:41
CVE-2012-3197 3.5
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
17-12-2019 - 20:23 17-10-2012 - 00:55
CVE-2010-3840 4.0
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a
17-12-2019 - 20:23 14-01-2011 - 19:02
CVE-2012-2102 3.5
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
17-12-2019 - 20:23 17-08-2012 - 00:55
CVE-2012-0583 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
17-12-2019 - 20:23 03-05-2012 - 22:55
CVE-2014-0437 3.5
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
17-12-2019 - 20:23 15-01-2014 - 16:08
CVE-2013-0389 6.8
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
17-12-2019 - 20:23 17-01-2013 - 01:55
CVE-2006-4226 3.6
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have pe
17-12-2019 - 20:16 18-08-2006 - 20:04
CVE-2009-4030 4.4
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks
17-12-2019 - 20:07 30-11-2009 - 17:30
CVE-2015-1853 4.0
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in c
17-12-2019 - 17:52 09-12-2019 - 19:15
CVE-2014-0242 4.3
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thr
17-12-2019 - 17:22 09-12-2019 - 20:15
CVE-2008-2079 4.6
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY argume
17-12-2019 - 15:25 05-05-2008 - 16:20
CVE-2014-2438 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
17-12-2019 - 15:25 16-04-2014 - 02:55
CVE-2018-18384 4.3
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
16-12-2019 - 20:24 16-10-2018 - 16:50
CVE-2014-9636 5.0
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
16-12-2019 - 20:24 06-02-2015 - 15:59
CVE-2019-6465 4.3
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9
16-12-2019 - 16:57 09-10-2019 - 16:15
CVE-2017-14604 4.0
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command.
11-12-2019 - 14:12 20-09-2017 - 08:29
CVE-2019-13038 4.3
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
28-11-2019 - 04:15 29-06-2019 - 14:15
CVE-2014-3585 10.0
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
25-11-2019 - 16:37 22-11-2019 - 15:15
CVE-2015-3167 5.0
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via
22-11-2019 - 15:18 20-11-2019 - 21:15
CVE-2019-14818 5.0
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM me
22-11-2019 - 03:15 14-11-2019 - 17:15
CVE-2012-6136 4.9
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
21-11-2019 - 19:50 20-11-2019 - 15:15
CVE-2019-3003 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
18-11-2019 - 16:15 16-10-2019 - 18:15
CVE-2019-10218 4.3
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB
16-11-2019 - 03:15 06-11-2019 - 10:15
CVE-2019-17042 7.5
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account fo
14-11-2019 - 01:15 07-10-2019 - 16:15
CVE-2018-5742 4.3
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other
07-11-2019 - 18:33 30-10-2019 - 14:15
CVE-2019-6470 5.0
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function
06-11-2019 - 21:52 01-11-2019 - 23:15
CVE-2018-20657 5.0
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-201
06-11-2019 - 01:15 02-01-2019 - 14:29
CVE-2019-6706 5.0
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
06-11-2019 - 01:15 23-01-2019 - 19:29
CVE-2018-10393 5.0
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
06-11-2019 - 01:15 26-04-2018 - 05:29
CVE-2019-6471 4.3
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the
01-11-2019 - 13:34 09-10-2019 - 16:15
CVE-2019-18408 5.0
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
01-11-2019 - 11:15 24-10-2019 - 14:15
CVE-2018-8945 4.3
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
31-10-2019 - 01:15 22-03-2018 - 21:29
CVE-2018-15127 7.5
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
31-10-2019 - 01:15 19-12-2018 - 16:29
CVE-2019-1010180 6.8
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging.
31-10-2019 - 01:15 24-07-2019 - 13:15
CVE-2019-17133 7.5
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
28-10-2019 - 02:15 04-10-2019 - 12:15
CVE-2019-14823 5.8
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly ver
25-10-2019 - 19:15 14-10-2019 - 20:15
CVE-2014-9365 5.8
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify tha
25-10-2019 - 11:53 12-12-2014 - 11:59
CVE-2014-7185 6.4
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
25-10-2019 - 11:53 08-10-2014 - 17:55
CVE-2013-4238 4.3
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof ar
25-10-2019 - 11:53 18-08-2013 - 02:52
CVE-2008-5031 10.0
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs fun
25-10-2019 - 11:53 10-11-2008 - 16:15
CVE-2011-1521 6.4
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (r
25-10-2019 - 11:53 24-05-2011 - 23:55
CVE-2010-2089 5.0
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arg
25-10-2019 - 11:53 27-05-2010 - 19:30
CVE-2012-1150 5.0
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU
25-10-2019 - 11:53 05-10-2012 - 21:55
CVE-2019-17666 8.3
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
24-10-2019 - 19:15 17-10-2019 - 02:15
CVE-2018-14665 7.2
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate the
22-10-2019 - 23:15 25-10-2018 - 20:29
CVE-2018-18066 5.0
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
16-10-2019 - 18:15 08-10-2018 - 18:29
CVE-2019-3817 6.8
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious cod
09-10-2019 - 23:49 27-03-2019 - 13:29
CVE-2019-3890 5.8
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the diffe
09-10-2019 - 23:49 01-08-2019 - 14:15
CVE-2019-3825 6.9
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to
09-10-2019 - 23:49 06-02-2019 - 20:29
CVE-2019-10153 4.0
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automate
09-10-2019 - 23:44 30-07-2019 - 23:15
CVE-2019-10183 2.1
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the s
09-10-2019 - 23:44 03-07-2019 - 14:15
CVE-2018-5379 7.5
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an
09-10-2019 - 23:41 19-02-2018 - 13:29
CVE-2018-1089 5.0
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-sl
09-10-2019 - 23:38 09-05-2018 - 15:29
CVE-2018-1139 4.3
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between
09-10-2019 - 23:38 22-08-2018 - 14:29
CVE-2018-1106 2.1
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a
09-10-2019 - 23:38 23-04-2018 - 20:29
CVE-2018-1084 7.5
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
09-10-2019 - 23:38 12-04-2018 - 17:29
CVE-2018-1113 4.6
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell bein
09-10-2019 - 23:38 03-07-2018 - 01:29
CVE-2018-1080 6.8
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz
09-10-2019 - 23:38 03-07-2018 - 01:29
CVE-2018-1086 5.0
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att
09-10-2019 - 23:38 12-04-2018 - 16:29
CVE-2018-1049 4.3
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will h
09-10-2019 - 23:38 16-02-2018 - 21:29
CVE-2018-16863 9.3
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript d
09-10-2019 - 23:36 03-12-2018 - 17:29
CVE-2018-14638 5.0
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
09-10-2019 - 23:35 14-09-2018 - 19:29
CVE-2018-14648 7.8
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
09-10-2019 - 23:35 28-09-2018 - 13:29
CVE-2018-15688 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
09-10-2019 - 23:35 26-10-2018 - 14:29
CVE-2018-14650 1.9
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-coll
09-10-2019 - 23:35 27-09-2018 - 20:29
CVE-2018-14646 4.9
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assi
09-10-2019 - 23:35 26-11-2018 - 19:29
CVE-2018-10910 2.1
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication
09-10-2019 - 23:33 28-01-2019 - 15:29
CVE-2018-10852 5.0
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available fo
09-10-2019 - 23:33 26-06-2018 - 14:29
CVE-2018-10932 3.3
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
09-10-2019 - 23:33 21-08-2018 - 18:29
CVE-2018-10873 6.5
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its p
09-10-2019 - 23:33 17-08-2018 - 12:29
CVE-2018-10896 3.6
The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template sys
09-10-2019 - 23:33 01-08-2018 - 17:29
CVE-2018-10902 4.6
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmi
09-10-2019 - 23:33 21-08-2018 - 19:29
CVE-2018-1002200 4.3
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
09-10-2019 - 23:32 25-07-2018 - 17:29
CVE-2017-7518 4.6
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/pr
09-10-2019 - 23:29 30-07-2018 - 15:29
CVE-2017-7558 5.0
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in
09-10-2019 - 23:29 26-07-2018 - 15:29
CVE-2017-7537 5.0
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick t
09-10-2019 - 23:29 26-07-2018 - 13:29
CVE-2017-7546 7.5
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
09-10-2019 - 23:29 16-08-2017 - 18:29
CVE-2017-2640 7.5
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
09-10-2019 - 23:27 27-07-2018 - 18:29
CVE-2017-3145 5.0
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to
09-10-2019 - 23:27 16-01-2019 - 20:29
CVE-2017-2668 4.3
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bin
09-10-2019 - 23:27 22-06-2018 - 13:29
CVE-2017-3137 5.0
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which record
09-10-2019 - 23:27 16-01-2019 - 20:29
CVE-2017-3135 4.3
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3
09-10-2019 - 23:27 16-01-2019 - 20:29
CVE-2017-2616 4.7
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
09-10-2019 - 23:26 27-07-2018 - 19:29
CVE-2017-2590 5.5
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable,
09-10-2019 - 23:26 27-07-2018 - 18:29
CVE-2017-2628 7.5
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue
09-10-2019 - 23:26 12-03-2018 - 15:29
CVE-2017-2619 6.0
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
09-10-2019 - 23:26 12-03-2018 - 15:29
CVE-2017-15097 7.2
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
09-10-2019 - 23:24 27-07-2018 - 20:29
CVE-2017-15101 7.5
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
09-10-2019 - 23:24 27-07-2018 - 20:29
CVE-2017-12163 4.8
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to
09-10-2019 - 23:22 26-07-2018 - 16:29
CVE-2017-12173 4.0
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a gi
09-10-2019 - 23:22 27-07-2018 - 16:29
CVE-2016-9575 6.5
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify p
09-10-2019 - 23:20 13-03-2018 - 13:29
CVE-2016-8635 4.3
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired g
09-10-2019 - 23:20 01-08-2018 - 13:29
CVE-2016-9600 4.3
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
09-10-2019 - 23:20 12-03-2018 - 15:29
CVE-2016-9578 5.0
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
09-10-2019 - 23:20 27-07-2018 - 21:29
CVE-2016-7056 2.1
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
09-10-2019 - 23:19 10-09-2018 - 16:29
CVE-2016-7035 7.2
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon t
09-10-2019 - 23:19 10-09-2018 - 16:29
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
09-10-2019 - 23:11 24-09-2014 - 18:48
CVE-2013-0169 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
09-10-2019 - 23:06 08-02-2013 - 19:55
CVE-2011-3145 7.5
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
09-10-2019 - 23:03 22-04-2019 - 16:29
CVE-2011-1910 5.0
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative
09-10-2019 - 23:02 31-05-2011 - 20:55
CVE-2009-0783 4.6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3)
09-10-2019 - 22:58 05-06-2009 - 16:00
CVE-2019-11752 9.3
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.
04-10-2019 - 18:15 27-09-2019 - 18:15
CVE-2018-6560 4.6
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in
03-10-2019 - 00:03 02-02-2018 - 14:29
CVE-2018-18505 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created
03-10-2019 - 00:03 05-02-2019 - 21:29
CVE-2018-5117 5.0
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can misle
03-10-2019 - 00:03 11-06-2018 - 21:29
CVE-2017-8932 4.3
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progress
03-10-2019 - 00:03 06-07-2017 - 16:29
CVE-2018-6574 4.6
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not bloc
03-10-2019 - 00:03 07-02-2018 - 21:29
CVE-2017-6214 5.0
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
03-10-2019 - 00:03 23-02-2017 - 17:59
CVE-2018-8897 7.2
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that
03-10-2019 - 00:03 08-05-2018 - 18:29
CVE-2018-19409 7.5
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
03-10-2019 - 00:03 21-11-2018 - 16:29
CVE-2018-7727 4.3
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.
03-10-2019 - 00:03 06-03-2018 - 17:29
CVE-2018-5383 4.3
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generat
03-10-2019 - 00:03 07-08-2018 - 21:29
CVE-2018-5185 4.3
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
03-10-2019 - 00:03 11-06-2018 - 21:29
CVE-2018-6871 5.0
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
03-10-2019 - 00:03 09-02-2018 - 06:29
CVE-2017-5898 2.1
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large A
03-10-2019 - 00:03 15-03-2017 - 19:59
CVE-2017-5664 5.0
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request
03-10-2019 - 00:03 06-06-2017 - 14:29
CVE-2018-20217 3.5
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U
03-10-2019 - 00:03 26-12-2018 - 21:29
CVE-2018-5740 5.0
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feat
03-10-2019 - 00:03 16-01-2019 - 20:29
CVE-2017-8386 6.5
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain pr
03-10-2019 - 00:03 01-06-2017 - 16:29
CVE-2017-7547 4.0
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having
03-10-2019 - 00:03 16-08-2017 - 18:29
CVE-2017-7830 4.3
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderb
03-10-2019 - 00:03 11-06-2018 - 21:29
CVE-2018-20534 4.3
** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying
03-10-2019 - 00:03 28-12-2018 - 16:29
CVE-2017-9461 6.8
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
03-10-2019 - 00:03 06-06-2017 - 21:29
CVE-2017-8779 7.8
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (mem
03-10-2019 - 00:03 04-05-2017 - 14:29
CVE-2018-19662 5.8
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
03-10-2019 - 00:03 29-11-2018 - 08:29
CVE-2018-6764 4.6
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
03-10-2019 - 00:03 23-02-2018 - 17:29
CVE-2017-7472 4.9
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
03-10-2019 - 00:03 11-05-2017 - 19:29
CVE-2017-7895 10.0
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted reque
03-10-2019 - 00:03 28-04-2017 - 10:59
CVE-2017-7396 5.0
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
03-10-2019 - 00:03 01-04-2017 - 02:59
CVE-2018-9251 2.6
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnera
03-10-2019 - 00:03 04-04-2018 - 02:29
CVE-2017-5551 3.6
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid pro
03-10-2019 - 00:03 06-02-2017 - 06:59
CVE-2017-3139 5.0
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
03-10-2019 - 00:03 09-04-2019 - 18:29
CVE-2017-8422 7.2
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
03-10-2019 - 00:03 17-05-2017 - 14:29
CVE-2018-16597 4.9
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
03-10-2019 - 00:03 21-09-2018 - 16:29
CVE-2018-16888 1.9
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the
03-10-2019 - 00:03 14-01-2019 - 22:29
CVE-2017-3651 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileg
03-10-2019 - 00:03 08-08-2017 - 15:29
CVE-2018-16395 7.5
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may
03-10-2019 - 00:03 16-11-2018 - 18:29
CVE-2018-18074 5.0
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
03-10-2019 - 00:03 09-10-2018 - 17:29
CVE-2017-3143 4.3
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. A
03-10-2019 - 00:03 16-01-2019 - 20:29
CVE-2018-16509 9.3
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instr
03-10-2019 - 00:03 05-09-2018 - 06:29
CVE-2018-14526 3.3
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abu
03-10-2019 - 00:03 08-08-2018 - 19:29
CVE-2018-13405 4.6
The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a me
03-10-2019 - 00:03 06-07-2018 - 14:29
CVE-2018-1122 4.4
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities
03-10-2019 - 00:03 23-05-2018 - 14:29
CVE-2017-15131 4.6
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux
03-10-2019 - 00:03 09-01-2018 - 21:29
CVE-2017-13725 7.5
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
03-10-2019 - 00:03 14-09-2017 - 06:29
CVE-2018-12020 5.0
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" optio
03-10-2019 - 00:03 08-06-2018 - 21:29
CVE-2018-11439 4.3
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
03-10-2019 - 00:03 30-05-2018 - 13:29
CVE-2018-12180 6.8
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
03-10-2019 - 00:03 27-03-2019 - 20:29
CVE-2017-14482 6.8
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched exten
03-10-2019 - 00:03 14-09-2017 - 16:29
CVE-2018-10906 4.6
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_
03-10-2019 - 00:03 24-07-2018 - 20:29
CVE-2018-1111 7.9
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network ab
03-10-2019 - 00:03 17-05-2018 - 16:29
CVE-2018-1061 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
03-10-2019 - 00:03 19-06-2018 - 12:29
CVE-2018-1000301 6.4
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP
03-10-2019 - 00:03 24-05-2018 - 13:29
CVE-2017-13167 7.2
An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.
03-10-2019 - 00:03 06-12-2017 - 14:29
CVE-2017-13087 2.9
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames f
03-10-2019 - 00:03 17-10-2017 - 13:29
CVE-2017-12613 3.6
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially r
03-10-2019 - 00:03 24-10-2017 - 01:29
CVE-2017-13088 2.9
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to repl
03-10-2019 - 00:03 17-10-2017 - 13:29
CVE-2018-1000001 7.2
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
03-10-2019 - 00:03 31-01-2018 - 14:29
CVE-2017-10987 5.0
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
03-10-2019 - 00:03 17-07-2017 - 17:29
CVE-2017-0553 7.6
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process
03-10-2019 - 00:03 07-04-2017 - 22:59
CVE-2017-1000083 6.8
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option su
03-10-2019 - 00:03 05-09-2017 - 06:29
CVE-2017-1000367 6.9
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
03-10-2019 - 00:03 05-06-2017 - 14:29
CVE-2017-1000116 10.0
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
03-10-2019 - 00:03 05-10-2017 - 01:29
CVE-2017-1000379 7.2
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
03-10-2019 - 00:03 19-06-2017 - 16:29
CVE-2017-1000117 6.8
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of
03-10-2019 - 00:03 05-10-2017 - 01:29
CVE-2019-6446 7.5
** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: thir
01-10-2019 - 00:15 16-01-2019 - 05:29
CVE-2019-5094 4.6
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition
28-09-2019 - 03:15 24-09-2019 - 22:15
CVE-2016-2118 6.8
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona
27-09-2019 - 17:17 12-04-2016 - 23:59
CVE-2015-7529 4.6
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$host
27-09-2019 - 15:52 06-11-2017 - 17:29
CVE-2019-0203 5.0
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.
27-09-2019 - 15:33 26-09-2019 - 16:15
CVE-2011-3439 9.3
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
26-09-2019 - 17:05 11-11-2011 - 18:55
CVE-2010-1797 9.3
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 o
26-09-2019 - 17:05 16-08-2010 - 18:39
CVE-2011-2767 10.0
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control
24-09-2019 - 18:15 26-08-2018 - 16:29
CVE-2019-9456 4.6
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation
24-09-2019 - 15:15 06-09-2019 - 22:15
CVE-2019-14821 7.2
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wher
24-09-2019 - 03:15 19-09-2019 - 18:15
CVE-2019-11324 5.0
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure i
14-09-2019 - 18:15 18-04-2019 - 21:29
CVE-2015-9382 4.3
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
10-09-2019 - 03:15 03-09-2019 - 05:15
CVE-2019-11500 7.5
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
06-09-2019 - 15:15 29-08-2019 - 14:15
CVE-2009-2698 7.2
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
05-09-2019 - 15:45 27-08-2009 - 17:30
CVE-2019-13616 6.8
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
05-09-2019 - 15:15 16-07-2019 - 17:15
CVE-2019-9506 4.8
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") tha
28-08-2019 - 11:15 14-08-2019 - 17:15
CVE-2019-1010305 4.3
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm
23-08-2019 - 23:15 15-07-2019 - 15:15
CVE-2019-13638 9.3
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable sy
16-08-2019 - 12:15 26-07-2019 - 13:15
CVE-2019-11708 10.0
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vuln
15-08-2019 - 18:15 23-07-2019 - 14:15
CVE-2019-10185 6.4
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the
15-08-2019 - 15:15 31-07-2019 - 23:15
CVE-2017-9788 6.4
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial ke
15-08-2019 - 09:15 13-07-2017 - 16:29
CVE-2019-9959 4.3
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attac
13-08-2019 - 03:15 22-07-2019 - 15:15
CVE-2018-7225 7.5
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
09-08-2019 - 23:15 19-02-2018 - 15:29
CVE-2018-11781 4.6
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
06-08-2019 - 21:15 17-09-2018 - 14:29
CVE-2019-3811 2.7
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem ac
06-08-2019 - 17:15 15-01-2019 - 15:29
CVE-2018-7456 4.3
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the T
06-08-2019 - 17:15 24-02-2018 - 06:29
CVE-2019-6501 2.1
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
06-08-2019 - 17:15 21-03-2019 - 16:01
CVE-2018-18585 4.3
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
06-08-2019 - 17:15 23-10-2018 - 02:29
CVE-2018-19044 3.3
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a s
06-08-2019 - 17:15 08-11-2018 - 20:29
CVE-2018-7730 4.3
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.
06-08-2019 - 17:15 06-03-2018 - 18:29
CVE-2018-6790 5.0
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG eleme
06-08-2019 - 17:15 07-02-2018 - 02:29
CVE-2018-9305 5.8
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
06-08-2019 - 17:15 04-04-2018 - 21:29
CVE-2018-19788 9.0
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
06-08-2019 - 17:15 03-12-2018 - 06:29
CVE-2018-19199 7.5
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
06-08-2019 - 17:15 12-11-2018 - 15:29
CVE-2018-13259 7.5
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
06-08-2019 - 17:15 05-09-2018 - 08:29
CVE-2017-18189 5.0
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
06-08-2019 - 17:15 15-02-2018 - 10:29
CVE-2018-16842 6.4
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
06-08-2019 - 17:15 31-10-2018 - 19:29
CVE-2018-14348 5.5
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
06-08-2019 - 17:15 14-08-2018 - 18:29
CVE-2018-16858 7.5
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice
06-08-2019 - 17:15 25-03-2019 - 18:29
CVE-2018-17336 4.6
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malfo
06-08-2019 - 17:15 22-09-2018 - 16:29
CVE-2018-16427 2.1
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
06-08-2019 - 17:15 04-09-2018 - 00:29
CVE-2018-15864 2.1
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt ca
06-08-2019 - 17:15 25-08-2018 - 21:29
CVE-2017-15112 2.1
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
06-08-2019 - 17:15 20-01-2018 - 00:29
CVE-2018-10893 6.5
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
06-08-2019 - 17:15 11-09-2018 - 15:29
CVE-2018-10689 4.3
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the
06-08-2019 - 17:15 03-05-2018 - 07:29
CVE-2016-10739 4.6
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume tha
06-08-2019 - 17:15 21-01-2019 - 19:29
CVE-2019-0160 7.5
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
06-08-2019 - 17:15 27-03-2019 - 20:29
CVE-2018-7485 7.5
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
06-08-2019 - 15:15 26-02-2018 - 14:29
CVE-2018-4700 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this c
05-08-2019 - 19:15 05-08-2019 - 19:15
CVE-2018-12697 5.0
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
03-08-2019 - 13:15 23-06-2018 - 23:29
CVE-2019-7317 2.6
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
01-08-2019 - 17:15 04-02-2019 - 08:29
CVE-2008-0122 10.0
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code
01-08-2019 - 12:12 16-01-2008 - 02:00
CVE-2018-1126 7.5
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
30-07-2019 - 13:15 23-05-2018 - 13:29
CVE-2018-1000156 6.8
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via th
30-07-2019 - 10:15 06-04-2018 - 13:29
CVE-2018-1312 6.8
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication con
29-07-2019 - 19:15 26-03-2018 - 15:29
CVE-2013-6466 5.0
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Poin
29-07-2019 - 14:24 26-01-2014 - 20:55
CVE-2011-4073 4.0
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continu
29-07-2019 - 14:24 17-11-2011 - 19:55
CVE-2009-2185 5.0
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attacker
29-07-2019 - 14:24 25-06-2009 - 02:00
CVE-2009-0790 5.0
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_
29-07-2019 - 14:24 01-04-2009 - 10:30
CVE-2011-3380 5.0
Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling
29-07-2019 - 13:26 17-11-2011 - 19:55
CVE-2010-3753 6.5
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-
29-07-2019 - 13:26 05-10-2010 - 22:00
CVE-2013-2053 6.8
Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code
29-07-2019 - 13:26 09-07-2013 - 17:55
CVE-2019-9820 7.5
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
26-07-2019 - 16:15 23-07-2019 - 14:15
CVE-2019-13636 5.8
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
24-07-2019 - 17:15 17-07-2019 - 21:15
CVE-2019-3823 5.0
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed n
23-07-2019 - 23:15 06-02-2019 - 20:29
CVE-2018-17199 5.0
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session
23-07-2019 - 23:15 30-01-2019 - 22:29
CVE-2018-8780 7.5
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional director
21-07-2019 - 12:15 03-04-2018 - 22:29
CVE-2019-12779 6.6
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
19-07-2019 - 12:15 07-06-2019 - 20:29
CVE-2013-0334 5.0
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
16-07-2019 - 12:21 31-10-2014 - 14:55
CVE-2017-2626 2.1
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
14-07-2019 - 21:15 27-07-2018 - 19:29
CVE-2014-8567 9.4
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
09-07-2019 - 12:29 14-11-2014 - 15:59
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
03-07-2019 - 17:25 09-11-2009 - 17:30
CVE-2019-13045 6.8
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
03-07-2019 - 15:15 29-06-2019 - 14:15
CVE-2018-20815 7.5
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
02-07-2019 - 23:15 31-05-2019 - 22:29
CVE-2019-3896 7.2
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
01-07-2019 - 20:15 19-06-2019 - 00:15
CVE-2019-5785 4.3
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
01-07-2019 - 18:32 27-06-2019 - 17:15
CVE-2019-9796 7.5
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controll
26-06-2019 - 15:31 26-04-2019 - 17:29
CVE-2015-3281 5.0
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of pre
26-06-2019 - 13:49 06-07-2015 - 15:59
CVE-2019-3804 5.0
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which c
20-06-2019 - 18:15 26-03-2019 - 18:29
CVE-2019-9024 5.0
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlr
18-06-2019 - 18:15 22-02-2019 - 23:29
CVE-2019-9213 4.9
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check
17-06-2019 - 21:15 05-03-2019 - 22:29
CVE-2015-1781 6.8
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS respo
17-06-2019 - 19:36 28-09-2015 - 20:59
CVE-2013-4324 4.6
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race co
17-06-2019 - 13:55 03-10-2013 - 21:55
CVE-2014-0114 7.5
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m
15-06-2019 - 17:29 30-04-2014 - 10:49
CVE-2015-3195 5.0
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to ob
14-06-2019 - 14:44 06-12-2015 - 20:59
CVE-2019-3814 4.9
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
14-06-2019 - 03:29 27-03-2019 - 13:29
CVE-2019-7524 7.2
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
14-06-2019 - 03:29 28-03-2019 - 14:29
CVE-2019-12735 9.3
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
13-06-2019 - 21:29 05-06-2019 - 14:29
CVE-2010-3856 7.2
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain
13-06-2019 - 21:29 07-01-2011 - 19:00
CVE-2015-3196 4.3
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (
13-06-2019 - 18:15 06-12-2015 - 20:59
CVE-2019-11236 4.3
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
13-06-2019 - 04:29 15-04-2019 - 15:29
CVE-2018-11784 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause
11-06-2019 - 22:29 04-10-2018 - 13:29
CVE-2019-10132 6.5
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock
11-06-2019 - 16:29 22-05-2019 - 18:29
CVE-2018-15587 4.3
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
10-06-2019 - 07:29 11-02-2019 - 17:29
CVE-2012-5784 5.8
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a do
07-06-2019 - 21:29 04-11-2012 - 22:55
CVE-2016-10745 5.0
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
06-06-2019 - 16:29 08-04-2019 - 13:29
CVE-2019-6454 4.9
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl
04-06-2019 - 17:29 21-03-2019 - 16:01
CVE-2019-1543 5.8
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 b
03-06-2019 - 20:29 06-03-2019 - 21:29
CVE-2018-8788 7.5
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
03-06-2019 - 16:29 29-11-2018 - 18:29
CVE-2019-9640 5.0
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
03-06-2019 - 15:29 09-03-2019 - 00:29
CVE-2016-10245 4.3
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.
03-06-2019 - 15:29 24-05-2019 - 17:29
CVE-2019-12155 5.0
interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.
31-05-2019 - 14:29 24-05-2019 - 16:29
CVE-2019-9741 4.3
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
30-05-2019 - 18:29 13-03-2019 - 08:29
CVE-2019-3836 5.0
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
30-05-2019 - 16:29 01-04-2019 - 15:29
CVE-2017-1000368 7.2
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
29-05-2019 - 19:29 05-06-2017 - 16:29
CVE-2019-3885 5.0
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
27-05-2019 - 18:29 18-04-2019 - 18:29
CVE-2019-3880 5.5
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation
27-05-2019 - 08:29 09-04-2019 - 16:29
CVE-2013-1591 10.0
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_s
22-05-2019 - 13:29 31-01-2013 - 23:55
CVE-2019-0981 5.0
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
22-05-2019 - 13:29 16-05-2019 - 19:29
CVE-2018-5819 7.8
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
21-05-2019 - 16:29 20-02-2019 - 18:29
CVE-2017-15134 5.0
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-sla
15-05-2019 - 21:29 01-03-2018 - 22:29
CVE-2018-18559 6.8
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a ra
14-05-2019 - 23:29 22-10-2018 - 16:29
CVE-2019-3863 6.8
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bound
14-05-2019 - 21:29 25-03-2019 - 18:29
CVE-2018-8034 5.0
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
14-05-2019 - 17:29 01-08-2018 - 18:29
CVE-2019-11235 7.5
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar is
13-05-2019 - 18:29 22-04-2019 - 11:29
CVE-2019-10063 6.8
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could other
13-05-2019 - 10:29 26-03-2019 - 14:29
CVE-2019-8383 6.8
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segme
09-05-2019 - 17:29 17-02-2019 - 02:29
CVE-2017-3157 4.3
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections
08-05-2019 - 18:51 20-11-2017 - 20:29
CVE-2019-3878 6.8
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers tha
07-05-2019 - 09:29 26-03-2019 - 18:29
CVE-2019-7548 6.8
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
07-05-2019 - 07:29 06-02-2019 - 21:29
CVE-2019-3816 5.0
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a sp
07-05-2019 - 07:29 14-03-2019 - 22:29
CVE-2016-7076 7.2
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
06-05-2019 - 21:29 29-05-2018 - 13:29
CVE-2019-3840 3.5
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
05-05-2019 - 05:29 27-03-2019 - 13:29
CVE-2018-10360 4.3
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
02-05-2019 - 14:40 11-06-2018 - 10:29
CVE-2018-13988 4.3
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
25-04-2019 - 14:16 25-07-2018 - 23:29
CVE-2017-3738 4.3