| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-14844 |
20 |
|
|
2019-09-26 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. |
|
2 |
CVE-2019-12854 |
119 |
|
DoS Overflow |
2019-08-15 |
2019-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it. |
|
3 |
CVE-2019-10906 |
264 |
|
|
2019-04-06 |
2019-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. |
|
4 |
CVE-2019-10903 |
399 |
|
|
2019-04-09 |
2019-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. |
|
5 |
CVE-2019-10902 |
399 |
|
|
2019-04-09 |
2019-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. |
|
6 |
CVE-2019-10901 |
476 |
|
|
2019-04-09 |
2019-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. |
|
7 |
CVE-2019-10900 |
399 |
|
|
2019-04-09 |
2019-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. |
|
8 |
CVE-2019-10899 |
119 |
|
Overflow |
2019-04-09 |
2019-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. |
|
9 |
CVE-2019-10898 |
399 |
|
|
2019-04-09 |
2019-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. |
|
10 |
CVE-2019-10897 |
399 |
|
|
2019-04-09 |
2019-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. |
|
11 |
CVE-2019-10896 |
399 |
|
|
2019-04-09 |
2019-05-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. |
|
12 |
CVE-2019-10895 |
20 |
|
|
2019-04-09 |
2019-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. |
|
13 |
CVE-2019-10894 |
399 |
|
|
2019-04-09 |
2019-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. |
|
14 |
CVE-2019-10191 |
20 |
|
|
2019-07-16 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. |
|
15 |
CVE-2019-9897 |
20 |
|
|
2019-03-21 |
2019-04-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. |
|
16 |
CVE-2019-9658 |
254 |
|
|
2019-03-11 |
2019-06-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Checkstyle before 8.18 loads external DTDs by default. |
|
17 |
CVE-2019-9636 |
255 |
|
|
2019-03-08 |
2019-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. |
|
18 |
CVE-2019-9496 |
287 |
|
DoS |
2019-04-17 |
2019-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. |
|
19 |
CVE-2019-8936 |
476 |
|
|
2019-05-15 |
2019-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NTP through 4.2.8p12 has a NULL Pointer Dereference. |
|
20 |
CVE-2019-6975 |
400 |
|
|
2019-02-11 |
2019-07-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. |
|
21 |
CVE-2019-6251 |
20 |
|
|
2019-01-14 |
2019-09-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. |
|
22 |
CVE-2019-5755 |
189 |
|
|
2019-02-19 |
2019-04-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. |
|
23 |
CVE-2019-3885 |
416 |
|
+Info |
2019-04-18 |
2019-05-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. |
|
24 |
CVE-2019-3883 |
119 |
|
DoS Overflow |
2019-04-17 |
2019-05-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. |
|
25 |
CVE-2019-3880 |
22 |
|
Dir. Trav. |
2019-04-09 |
2019-05-27 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. |
|
26 |
CVE-2019-3836 |
824 |
|
|
2019-04-01 |
2019-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. |
|
27 |
CVE-2019-3833 |
399 |
|
DoS |
2019-03-14 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. |
|
28 |
CVE-2019-3829 |
415 |
|
Mem. Corr. |
2019-03-27 |
2019-05-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. |
|
29 |
CVE-2019-3816 |
200 |
|
+Info |
2019-03-14 |
2019-05-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. |
|
30 |
CVE-2019-3804 |
20 |
|
DoS |
2019-03-26 |
2019-06-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. |
|
31 |
CVE-2019-0220 |
399 |
|
|
2019-06-11 |
2019-06-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. |
|
32 |
CVE-2018-20406 |
190 |
|
Overflow |
2018-12-23 |
2019-04-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. |
|
33 |
CVE-2018-20191 |
476 |
|
DoS |
2018-12-20 |
2019-04-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). |
|
34 |
CVE-2018-20060 |
|
|
|
2018-12-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. |
|
35 |
CVE-2018-19790 |
601 |
|
|
2018-12-18 |
2019-05-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. |
|
36 |
CVE-2018-19591 |
20 |
|
|
2018-12-04 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. |
|
37 |
CVE-2018-18898 |
20 |
|
DoS |
2019-03-21 |
2019-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. |
|
38 |
CVE-2018-17848 |
129 |
|
|
2018-10-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. |
|
39 |
CVE-2018-17847 |
20 |
|
|
2018-10-01 |
2019-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call. |
|
40 |
CVE-2018-17846 |
835 |
|
|
2018-10-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. |
|
41 |
CVE-2018-17189 |
400 |
|
|
2019-01-30 |
2019-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. |
|
42 |
CVE-2018-17143 |
20 |
|
|
2018-09-17 |
2019-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. |
|
43 |
CVE-2018-17142 |
20 |
|
|
2018-09-17 |
2019-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. |
|
44 |
CVE-2018-17075 |
20 |
|
|
2018-09-15 |
2019-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit. |
|
45 |
CVE-2018-16838 |
269 |
|
|
2019-03-25 |
2019-10-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. |
|
46 |
CVE-2018-14647 |
909 |
|
DoS |
2018-09-24 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable. |
|
47 |
CVE-2018-14638 |
415 |
|
DoS |
2018-09-14 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. |
|
48 |
CVE-2018-14624 |
20 |
|
|
2018-09-06 |
2019-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. |
|
49 |
CVE-2018-14598 |
20 |
|
Overflow |
2018-08-24 |
2019-08-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). |
|
50 |
CVE-2018-14348 |
200 |
|
+Info |
2018-08-14 |
2019-08-06 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. |
