Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-23518

Summary
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At-21 Jan, 2022 | 20:05
Updated At-16 Sep, 2024 | 18:33
Rejected At-
Credits

Prototype Pollution

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:snyk
Assigner Org ID:bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At:21 Jan, 2022 | 20:05
Updated At:16 Sep, 2024 | 18:33
Rejected At:
▼CVE Numbering Authority (CNA)
Prototype Pollution

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

Affected Products
Vendor
n/a
Product
cached-path-relative
Versions
Affected
  • From unspecified before 1.1.0 (custom)
Problem Types
TypeCWE IDDescription
textN/APrototype Pollution
Type: text
CWE ID: N/A
Description: Prototype Pollution
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

P.Adithya Srinivas
Masudul Hasan Masud Bhuiyan
Cristian-Alexandru Staicu
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653
N/A
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2348246
N/A
https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
N/A
https://lists.debian.org/debian-lts-announce/2022/12/msg00006.html
mailing-list
Hyperlink: https://snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653
Resource: N/A
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2348246
Resource: N/A
Hyperlink: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00006.html
Resource:
mailing-list
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653
x_transferred
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2348246
x_transferred
https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
x_transferred
https://lists.debian.org/debian-lts-announce/2022/12/msg00006.html
mailing-list
x_transferred
Hyperlink: https://snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653
Resource:
x_transferred
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2348246
Resource:
x_transferred
Hyperlink: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00006.html
Resource:
mailing-list
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:report@snyk.io
Published At:21 Jan, 2022 | 20:15
Updated At:03 Feb, 2023 | 19:16

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

cached-path-relative_project
cached-path-relative_project
>>cached-path-relative>>Versions before 1.1.0(exclusive)
cpe:2.3:a:cached-path-relative_project:cached-path-relative:*:*:*:*:*:node.js:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1321Primarynvd@nist.gov
CWE ID: CWE-1321
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760report@snyk.io
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00006.htmlreport@snyk.io
Mailing List
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2348246report@snyk.io
Exploit
Issue Tracking
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653report@snyk.io
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
Source: report@snyk.io
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00006.html
Source: report@snyk.io
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2348246
Source: report@snyk.io
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653
Source: report@snyk.io
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1287Records found

CVE-2016-7117
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-24.30% / 97.62%
||
7 Day CHG~0.00%
Published-10 Oct, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CVE-2023-27372
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-99.64% / 99.95%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Action-Not Available
Vendor-spipn/aDebian GNU/Linux
Product-debian_linuxspipn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2007-4657
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.99% / 85.83%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

Action-Not Available
Vendor-n/aCanonical Ltd.The PHP GroupDebian GNU/Linux
Product-debian_linuxubuntu_linuxphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-3463
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-4.87% / 91.07%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 19:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

Action-Not Available
Vendor-pizzashackCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-debian_linuxubuntu_linuxfedorarsshrssh
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-3464
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-4.70% / 90.79%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 19:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

Action-Not Available
Vendor-pizzashackCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-debian_linuxubuntu_linuxfedorarsshrssh
CWE ID-CWE-665
Improper Initialization
CVE-2019-25035
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.04% / 78.94%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 05:17
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Action-Not Available
Vendor-nlnetlabsn/aDebian GNU/Linux
Product-unbounddebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.78% / 75.82%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 05:17
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Action-Not Available
Vendor-nlnetlabsn/aDebian GNU/Linux
Product-unbounddebian_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-25042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.04% / 78.94%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 05:16
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Action-Not Available
Vendor-nlnetlabsn/aDebian GNU/Linux
Product-unbounddebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2821
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.99% / 78.43%
||
7 Day CHG~0.00%
Published-29 Aug, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

Action-Not Available
Vendor-n/aApple Inc.Google LLCRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationmac_os_xenterprise_linux_desktopiphone_osenterprise_linux_euschromen/a
CWE ID-CWE-415
Double Free
CVE-2011-2897
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.94% / 77.91%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 13:37
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

Action-Not Available
Vendor-gdk-pixbufThe GNOME ProjectDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxgdk-pixbufenterprise_linuxgdk-pixbuf
CWE ID-CWE-20
Improper Input Validation
CVE-2019-20933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-30.92% / 98.05%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 01:50
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

Action-Not Available
Vendor-influxdatan/aDebian GNU/Linux
Product-influxdbdebian_linuxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-25034
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.04% / 78.94%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 05:17
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Action-Not Available
Vendor-nlnetlabsn/aDebian GNU/Linux
Product-unbounddebian_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-20788
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.44% / 82.45%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 18:06
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-19725
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 83.49%
||
7 Day CHG-0.18%
Published-11 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.

Action-Not Available
Vendor-sysstat_projectn/aCanonical Ltd.Debian GNU/Linux
Product-sysstatubuntu_linuxdebian_linuxn/a
CWE ID-CWE-415
Double Free
CVE-2011-3895
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.09% / 79.52%
||
7 Day CHG+0.02%
Published-11 Nov, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.59% / 90.59%
||
7 Day CHG-0.07%
Published-27 Dec, 2019 | 07:14
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-19951
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.55% / 83.25%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 00:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-backportsdebian_linuxgraphicsmagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19330
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.96% / 89.28%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 15:53
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

Action-Not Available
Vendor-haproxyn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxhaproxyn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-19948
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.68% / 88.43%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 00:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19950
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.71% / 84.30%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 00:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-backportsdebian_linuxgraphicsmagickleapn/a
CWE ID-CWE-416
Use After Free
CVE-2005-3302
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-3.88% / 89.06%
||
7 Day CHG~0.00%
Published-24 Oct, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

Action-Not Available
Vendor-n/aDebian GNU/LinuxBlender Foundation
Product-debian_linuxblendern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-17531
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.37% / 91.76%
||
7 Day CHG+0.04%
Published-12 Oct, 2019 | 20:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-enterprise_linux_serverretail_sales_auditcommunications_cloud_native_core_network_slice_selection_functioncommunications_billing_and_revenue_managementsiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratorprimavera_gatewaybanking_platformoncommand_workflow_automationretail_merchandising_systemglobal_lifecycle_management_nextgen_oui_frameworksteelstore_cloud_integrated_storagedebian_linuxweblogic_serverjackson-databindcommunications_calendar_servertrace_file_analyzercommunications_evolved_communications_application_servergoldengate_application_adapterswebcenter_sitesjboss_enterprise_application_platformjd_edwards_enterpriseone_toolswebcenter_portaln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-17670
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.35% / 90.15%
||
7 Day CHG-0.16%
Published-17 Oct, 2019 | 00:00
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-17669
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.06% / 91.36%
||
7 Day CHG-0.18%
Published-17 Oct, 2019 | 12:03
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-18425
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.55% / 83.25%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 13:39
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxopenSUSEXen Project
Product-xendebian_linuxfedoraleapn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-17545
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 83.46%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 01:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Action-Not Available
Vendor-osgeon/aopenSUSEOracle CorporationFedora ProjectDebian GNU/Linux
Product-debian_linuxspatial_and_graphgdalfedorabackports_sleleapn/a
CWE ID-CWE-415
Double Free
CVE-2019-17455
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.31%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 17:17
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

Action-Not Available
Vendor-nongnun/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoralibntlmbackports_sleleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-18928
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.39% / 82.11%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 03:45
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

Action-Not Available
Vendor-cyrusn/aDebian GNU/LinuxFedora Project
Product-imapdebian_linuxfedoran/a
CVE-2019-17565
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.09% / 86.24%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 21:13
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtraffic_serverApache Traffic Server
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2019-18823
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.81% / 84.93%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:07
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)

Action-Not Available
Vendor-wiscn/aDebian GNU/LinuxFedora Project
Product-htcondordebian_linuxfedoran/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-18609
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.32% / 87.21%
||
7 Day CHG~0.00%
Published-01 Dec, 2019 | 21:50
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.

Action-Not Available
Vendor-rabbitmq-c_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorarabbitmq-cn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5771
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.48% / 96.44%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupDebian GNU/Linux
Product-leapdebian_linuxphpopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2019-17559
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.09% / 86.24%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 21:43
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtraffic_serverApache Traffic Server
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2019-17542
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.31% / 81.42%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 01:09
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxFFmpeg
Product-ubuntu_linuxffmpegdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-49.98% / 98.78%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEOracle CorporationSUSEDebian GNU/LinuxGraphicsMagick
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopimagemagickgraphicsmagicklinux_enterprise_workstation_extensionstudio_onsitelinux_enterprise_debuginfoleapsolarislinux_enterprise_serverlinuxlinux_enterprise_software_development_kitopensusen/a
CVE-2019-19012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.54% / 95.27%
||
7 Day CHG~0.00%
Published-16 Nov, 2019 | 15:30
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

Action-Not Available
Vendor-oniguruma_projectn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-onigurumadebian_linuxfedoraenterprise_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-5180
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-8.58% / 94.47%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

Action-Not Available
Vendor-c-aresc-ares_projectn/aCanonical Ltd.Debian GNU/LinuxNode.js (OpenJS Foundation)
Product-debian_linuxubuntu_linuxnode.jsc-aresn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5770
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.34% / 93.70%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupDebian GNU/Linux
Product-leapdebian_linuxphpopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-17570
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-49.29% / 98.76%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 00:00
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxsoftware_collectionsfedoraenterprise_linuxxml-rpcApache XML-RPC
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-5178
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-1.84% / 76.55%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-enterprise_linux_server_supplementarydebian_linuxleapfedorachromeenterprise_linux_workstation_supplementaryopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7809
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.68% / 84.11%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-n/aMozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausn/a
CWE ID-CWE-416
Use After Free
CVE-2019-16378
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.46% / 82.62%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 11:24
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.

Action-Not Available
Vendor-trusteddomainn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraopendmarcn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-17361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.11% / 96.36%
||
7 Day CHG~0.00%
Published-17 Jan, 2020 | 01:16
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

Action-Not Available
Vendor-saltstackn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxsaltdebian_linuxleapn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-16928
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-41.59% / 98.53%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 20:07
Updated-07 Nov, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

Action-Not Available
Vendor-n/aEximCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxeximfedoran/aExim Internet Mailer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.07% / 86.15%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 15:34
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.

Action-Not Available
Vendor-rsyslogn/aDebian GNU/LinuxopenSUSEFedora Project
Product-rsyslogdebian_linuxfedoraleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16942
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.73% / 92.20%
||
7 Day CHG+0.05%
Published-01 Oct, 2019 | 16:04
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-retail_sales_auditprimavera_unifiercommunications_cloud_native_core_network_slice_selection_functiononcommand_api_servicescommunications_billing_and_revenue_managementsiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratorprimavera_gatewaysiebel_ui_frameworkenterprise_linuxactive_iq_unified_managerbanking_platformdatabase_serveroncommand_workflow_automationretail_merchandising_systemglobal_lifecycle_management_nextgen_oui_frameworksteelstore_cloud_integrated_storagedebian_linuxweblogic_serverjackson-databindcommunications_calendar_serverfedoracommunications_evolved_communications_application_servergoldengate_application_adapterswebcenter_sitesservice_level_managerjboss_enterprise_application_platformjd_edwards_enterpriseone_toolswebcenter_portaln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-17267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.63% / 90.68%
||
7 Day CHG+0.04%
Published-06 Oct, 2019 | 23:08
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-debian_linuxweblogic_serveroncommand_api_servicesjackson-databindenterprise_linuxactive_iq_unified_managercustomer_management_and_segmentation_foundationgoldengate_application_adaptersoncommand_workflow_automationservice_level_managerjboss_enterprise_application_platformretail_customer_management_and_segmentation_foundationsteelstore_cloud_integrated_storagen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-5108
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.75% / 97.66%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-vlc_media_playerdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-16943
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.90% / 91.12%
||
7 Day CHG+0.04%
Published-01 Oct, 2019 | 16:06
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-enterprise_linux_serverretail_sales_auditcommunications_cloud_native_core_network_slice_selection_functiononcommand_api_servicescommunications_billing_and_revenue_managementsiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratorprimavera_gatewayactive_iq_unified_managerbanking_platformoncommand_workflow_automationretail_merchandising_systemglobal_lifecycle_management_nextgen_oui_frameworksteelstore_cloud_integrated_storagedebian_linuxweblogic_serverjackson-databindcommunications_calendar_servertrace_file_analyzerfedoracommunications_evolved_communications_application_servergoldengate_application_adapterswebcenter_sitesservice_level_managerjboss_enterprise_application_platformjd_edwards_enterpriseone_toolswebcenter_portaln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-8840
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-26.59% / 97.79%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 19:41
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationHuawei Technologies Co., Ltd.FasterXML, LLC.NetApp, Inc.
Product-global_lifecycle_management_opatchdebian_linuxoncommand_api_servicesjackson-databindoceanstor_9000_firmwareoceanstor_9000oncommand_workflow_automationservice_level_managersteelstore_cloud_integrated_storagen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 25
  • 26
  • Next
Details not found