Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-3918

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-13 Nov, 2021 | 00:00
Updated At-17 Jan, 2025 | 20:02
Rejected At-
Credits

Prototype Pollution in kriszyp/json-schema

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:13 Nov, 2021 | 00:00
Updated At:17 Jan, 2025 | 20:02
Rejected At:
▼CVE Numbering Authority (CNA)
Prototype Pollution in kriszyp/json-schema

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected Products
Vendor
kriszyp
Product
kriszyp/json-schema
Versions
Affected
  • From unspecified through 0.3.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-1321CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Type: CWE
CWE ID: CWE-1321
Description: CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Metrics
VersionBase scoreBase severityVector
3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
N/A
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
N/A
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
mailing-list
Hyperlink: https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Resource: N/A
Hyperlink: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Resource:
mailing-list
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
x_transferred
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
x_transferred
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
mailing-list
x_transferred
https://security.netapp.com/advisory/ntap-20250117-0004/
N/A
Hyperlink: https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Resource:
x_transferred
Hyperlink: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Resource:
mailing-list
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20250117-0004/
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:13 Nov, 2021 | 09:15
Updated At:17 Jan, 2025 | 20:15

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

json-schema_project
json-schema_project
>>json-schema>>Versions before 0.4.0(exclusive)
cpe:2.3:a:json-schema_project:json-schema:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1321Secondarysecurity@huntr.dev
CWE-1321Primarynvd@nist.gov
CWE ID: CWE-1321
Type: Secondary
Source: security@huntr.dev
CWE ID: CWE-1321
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741security@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9security@huntr.dev
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.htmlsecurity@huntr.dev
Mailing List
Third Party Advisory
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250117-0004/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Source: security@huntr.dev
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Source: security@huntr.dev
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20250117-0004/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1300Records found

CVE-2021-23518
Matching Score-10
Assigner-Snyk
ShareView Details
Matching Score-10
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-1.94% / 77.89%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:05
Updated-16 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

Action-Not Available
Vendor-cached-path-relative_projectn/aDebian GNU/Linux
Product-cached-path-relativedebian_linuxcached-path-relative
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-37601
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.60% / 83.62%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 00:00
Updated-28 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.

Action-Not Available
Vendor-n/aWebpack (OpenJS Foundation)Debian GNU/Linux
Product-loader-utilsdebian_linuxn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-37616
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 72.03%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."

Action-Not Available
Vendor-xmldom_projectn/aDebian GNU/Linux
Product-debian_linuxxmldomn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23450
Matching Score-10
Assigner-Snyk
ShareView Details
Matching Score-10
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-30.37% / 98.02%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 20:05
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe Linux FoundationOracle Corporation
Product-debian_linuxweblogic_serverprimavera_unifiercommunications_policy_managementdojodojo
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2019-14379
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.11% / 94.19%
||
7 Day CHG+0.07%
Published-29 Jul, 2019 | 11:42
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationApple Inc.Fedora ProjectNetApp, Inc.FasterXML, LLC.Red Hat, Inc.
Product-single_sign-oncommunications_diameter_signaling_routerprimavera_unifiersiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratoropenshift_container_platformprimavera_gatewaysiebel_ui_frameworkenterprise_linuxactive_iq_unified_managerxcodebanking_platformoncommand_workflow_automationcommunications_instant_messaging_serversnapcenterdebian_linuxjackson-databindfinancial_services_analytical_applications_infrastructurefedoragoldengate_stream_analyticsretail_xstore_point_of_serviceservice_level_managerjboss_enterprise_application_platformjd_edwards_enterpriseone_toolsretail_customer_management_and_segmentation_foundationn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7788
Matching Score-10
Assigner-Snyk
ShareView Details
Matching Score-10
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-3.61% / 88.20%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 10:45
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

Action-Not Available
Vendor-ini_projectn/aDebian GNU/Linux
Product-inidebian_linuxini
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-10018
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.99% / 91.26%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 22:11
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.

Action-Not Available
Vendor-wpewebkitwebkitgtkn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorawebkitgtkwpe_webkitleapn/a
CWE ID-CWE-416
Use After Free
CVE-2001-0458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.40% / 82.15%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-ralf_s._engelschalln/aDebian GNU/LinuxMandriva (Mandrakesoft)SUSE
Product-debian_linuxeperlsuse_linuxmandrake_linuxn/a
CVE-2001-0441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.70% / 84.23%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-debian_linuxmandrake_linuxlinuxmandrake_linux_corporate_servern/a
CVE-2019-9215
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.17% / 80.28%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

Action-Not Available
Vendor-live555n/aDebian GNU/LinuxopenSUSE
Product-debian_linuxleapbackports_slestreaming_median/a
CVE-2019-9641
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.40% / 94.86%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 23:00
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

Action-Not Available
Vendor-n/aopenSUSENetApp, Inc.Canonical Ltd.Debian GNU/LinuxThe PHP Group
Product-ubuntu_linuxphpdebian_linuxstorage_automation_storeleapn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-15866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.09% / 79.48%
||
7 Day CHG+0.02%
Published-21 Jul, 2020 | 14:54
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.

Action-Not Available
Vendor-mrubyn/aDebian GNU/Linux
Product-debian_linuxmrubyn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15683
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.65% / 83.94%
||
7 Day CHG+0.03%
Published-22 Oct, 2020 | 20:32
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

Action-Not Available
Vendor-Debian GNU/LinuxopenSUSEMozilla Corporation
Product-thunderbirddebian_linuxfirefoxfirefox_esrleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15227
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-35.23% / 98.26%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 19:00
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution vulnerability

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.

Action-Not Available
Vendor-nettenetteDebian GNU/Linux
Product-applicationdebian_linuxapplication
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-12658
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.68% / 74.37%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 00:17
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.

Action-Not Available
Vendor-gssproxy_projectn/aDebian GNU/Linux
Product-debian_linuxgssproxyn/a
CWE ID-CWE-667
Improper Locking
CVE-2016-7446
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.99% / 89.36%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxGraphicsMagick
Product-leapdebian_linuxgraphicsmagickopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-12823
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.62% / 90.66%
||
7 Day CHG~0.00%
Published-12 May, 2020 | 17:07
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

Action-Not Available
Vendor-infradeadn/aDebian GNU/LinuxopenSUSEFedora Project
Product-openconnectdebian_linuxfedoraleapn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-12279
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.09% / 91.40%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 00:00
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.

Action-Not Available
Vendor-libgit2n/aDebian GNU/Linux
Product-debian_linuxlibgit2n/a
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CVE-2020-12460
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.68% / 88.45%
||
7 Day CHG~0.00%
Published-27 Jul, 2020 | 22:52
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.

Action-Not Available
Vendor-trusteddomainn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoraopendmarcn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11984
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-90.04% / 99.78%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 15:27
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverclustered_data_ontapubuntu_linuxdebian_linuxinstantis_enterprisetrackfedoracommunications_session_route_managerzfs_storage_appliance_kitcommunications_session_report_managerhyperion_infrastructure_technologyenterprise_manager_ops_centercommunications_element_managerleapApache HTTP Server
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-12284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.76% / 88.68%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 05:16
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxFFmpeg
Product-ubuntu_linuxffmpegdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2001-0456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.88% / 92.39%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2020-11800
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-9.19% / 94.76%
||
7 Day CHG~0.00%
Published-07 Oct, 2020 | 15:02
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aDebian GNU/LinuxZABBIXopenSUSE
Product-zabbixdebian_linuxbackports_sleleapn/a
CVE-1999-0978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.85% / 76.67%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2016-7966
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-2.34% / 81.76%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.

Action-Not Available
Vendor-n/aKDESUSEDebian GNU/LinuxFedora Project
Product-kmaildebian_linuxlinux_enterprisefedoran/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-8863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.49% / 94.42%
||
7 Day CHG~0.00%
Published-07 Mar, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.

Action-Not Available
Vendor-libupnp_projectn/aDebian GNU/Linux
Product-debian_linuxlibupnpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-6816
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.11% / 79.68%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 04:31
Updated-19 Mar, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

Action-Not Available
Vendor-Debian GNU/LinuxX.Org FoundationFedora ProjectRed Hat, Inc.
Product-debian_linuxx_serverxwaylandenterprise_linux_desktopenterprise_linux_workstationenterprise_linux_serverfedoraRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10938
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.23% / 91.59%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 15:28
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-backportsdebian_linuxgraphicsmagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2000-0145
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 72.16%
||
7 Day CHG~0.00%
Published-22 Mar, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2020-10188
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-74.51% / 99.44%
||
7 Day CHG~0.00%
Published-06 Mar, 2020 | 14:07
Updated-21 Jan, 2026 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Action-Not Available
Vendor-netkit_telnet_projectn/aDebian GNU/LinuxOracle CorporationFedora ProjectArista Networks, Inc.Juniper Networks, Inc.
Product-netkit_telnetcommunications_performance_intelligence_centerfedorajunosdebian_linuxeosn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-7568
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.10% / 91.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

Action-Not Available
Vendor-libgdn/aThe PHP GroupDebian GNU/Linux
Product-libgddebian_linuxphpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-10108
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.97% / 89.33%
||
7 Day CHG-0.11%
Published-12 Mar, 2020 | 12:42
Updated-25 Nov, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.

Action-Not Available
Vendor-twistedn/aOracle CorporationCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxsolarisfedorazfs_storage_appliance_kittwistedn/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-1999-1411
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.32% / 81.53%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-1999-0434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 62.27%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxNetBSDRed Hat, Inc.The MITRE Corporation (Caldera)SUSE
Product-debian_linuxlinuxopenlinuxsuse_linuxnetbsdn/a
CVE-2020-10109
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.21% / 86.74%
||
7 Day CHG-0.09%
Published-12 Mar, 2020 | 12:40
Updated-25 Nov, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

Action-Not Available
Vendor-twistedn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxtwistedfedoran/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2007-0899
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.53% / 71.98%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 03:10
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

Action-Not Available
Vendor-n/aDebian GNU/LinuxClamAV
Product-clamavdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.26% / 81.05%
||
7 Day CHG~0.00%
Published-09 Feb, 2019 | 03:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.

Action-Not Available
Vendor-rdflib_projectn/aCanonical Ltd.Debian GNU/Linux
Product-rdflibubuntu_linuxdebian_linuxn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-7164
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.52% / 87.94%
||
7 Day CHG~0.00%
Published-20 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

Action-Not Available
Vendor-sqlalchemyn/aopenSUSERed Hat, Inc.Oracle CorporationDebian GNU/Linux
Product-sqlalchemycommunications_operations_monitordebian_linuxenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusbackports_sleenterprise_linux_server_tusleapn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-7305
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5.8||MEDIUM
EPSS-1.83% / 76.50%
||
7 Day CHG~0.00%
Published-09 Apr, 2020 | 23:50
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
eXtplorer exposes /usr and /etc/extplorer over HTTP

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian

Action-Not Available
Vendor-extplorerCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxextplorereXtplorer
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2019-7165
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.82% / 88.89%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 17:25
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.

Action-Not Available
Vendor-dosboxn/aDebian GNU/LinuxFedora Project
Product-debian_linuxdosboxfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-7314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.19% / 86.67%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 02:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

Action-Not Available
Vendor-live555n/aDebian GNU/Linux
Product-debian_linuxstreaming_median/a
CWE ID-CWE-416
Use After Free
CVE-2019-6978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.42% / 90.27%
||
7 Day CHG~0.00%
Published-28 Jan, 2019 | 07:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

Action-Not Available
Vendor-libgdn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxlibgddebian_linuxn/a
CWE ID-CWE-415
Double Free
CVE-2019-6256
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.28%
||
7 Day CHG~0.00%
Published-14 Jan, 2019 | 07:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.

Action-Not Available
Vendor-live555n/aDebian GNU/Linux
Product-live555_media_serverdebian_linuxn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-6339
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-9.8||CRITICAL
EPSS-33.23% / 98.18%
||
7 Day CHG~0.00%
Published-22 Jan, 2019 | 15:00
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHAR stream wrapper Arbitrary PHP code execution

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.

Action-Not Available
Vendor-Debian GNU/LinuxThe Drupal Association
Product-debian_linuxdrupalDrupal core
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8735
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-90.34% / 99.79%
||
7 Day CHG~0.00%
Published-06 Apr, 2017 | 21:00
Updated-21 Apr, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Action-Not Available
Vendor-The Apache Software FoundationCanonical Ltd.NetApp, Inc.Red Hat, Inc.Oracle CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxcommunications_interactive_session_recordercommunications_instant_messaging_servermysql_enterprise_monitorretail_convenience_and_fuel_pos_softwarehospitality_guest_accessoncommand_insightmicros_retail_xbri_loss_preventionmicros_relate_crm_softwaresnap_creator_frameworkoncommand_shifttomcatagile_engineering_data_managementtransportation_managementjboss_enterprise_web_serveragile_plm7-mode_transition_toolcommunications_application_session_controllerApache TomcatTomcat
CVE-2019-5482
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-17.94% / 96.85%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 18:06
Updated-15 Apr, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxopenSUSENetApp, Inc.Fedora ProjectCURL
Product-oncommand_unified_managercurloss_support_toolsoncommand_workflow_automationleapsteelstore_cloud_integrated_storagecommunications_session_border_controllerdebian_linuxenterprise_manager_ops_centerhttp_serversnapcenteroncommand_insightcloud_backupmysql_serverhyperion_essbasefedoracommunications_operations_monitorcurl
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5477
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-5.90% / 92.40%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 00:00
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

Action-Not Available
Vendor-n/aCanonical Ltd.Sparkle MotionDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxnokogiriNokogiri (ruby gem)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-5481
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-7.27% / 93.65%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 18:05
Updated-16 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxopenSUSENetApp, Inc.Fedora ProjectCURL
Product-solidfire_baseboard_management_controller_firmwaredebian_linuxcurloss_support_toolsenterprise_manager_ops_centercloud_backupmysql_serverleapcommunications_session_border_controllersteelstorefedoracommunications_operations_monitorsolidfire_baseboard_management_controllercurl
CWE ID-CWE-415
Double Free
CVE-2023-28879
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.34% / 92.86%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 00:00
Updated-14 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-3822
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-12.77% / 95.84%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 20:00
Updated-15 Apr, 2026 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxCanonical Ltd.NetApp, Inc.Red Hat, Inc.Siemens AGCURL
Product-libcurlubuntu_linuxcommunications_operations_monitoroncommand_insightenterprise_linuxactive_iq_unified_managerservices_tools_bundleoncommand_workflow_automationsnapcenterhttp_serverclustered_data_ontapdebian_linuxsecure_global_desktopsinema_remote_connect_cliententerprise_manager_ops_centermysql_servercurl
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 25
  • 26
  • Next
Details not found