| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-16239 |
120 |
|
Overflow |
2019-09-17 |
2019-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. |
|
2 |
CVE-2019-14234 |
89 |
|
Sql |
2019-08-09 |
2019-08-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. |
|
3 |
CVE-2019-13272 |
264 |
|
|
2019-07-17 |
2019-07-25 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. |
|
4 |
CVE-2019-11500 |
787 |
|
Exec Code |
2019-08-29 |
2019-09-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. |
|
5 |
CVE-2019-11235 |
345 |
|
|
2019-04-22 |
2019-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. |
|
6 |
CVE-2019-11234 |
287 |
|
|
2019-04-22 |
2019-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. |
|
7 |
CVE-2019-9898 |
327 |
|
|
2019-03-21 |
2019-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. |
|
8 |
CVE-2019-9895 |
119 |
|
Overflow |
2019-03-21 |
2019-04-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. |
|
9 |
CVE-2019-9852 |
22 |
|
Exec Code Dir. Trav. Bypass |
2019-08-15 |
2019-09-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. |
|
10 |
CVE-2019-9851 |
20 |
|
Exec Code |
2019-08-15 |
2019-09-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. |
|
11 |
CVE-2019-9850 |
20 |
|
Exec Code Bypass |
2019-08-15 |
2019-09-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. |
|
12 |
CVE-2019-9848 |
20 |
|
Exec Code |
2019-07-17 |
2019-08-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. |
|
13 |
CVE-2019-9687 |
119 |
|
Overflow |
2019-03-11 |
2019-03-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. |
|
14 |
CVE-2019-9631 |
125 |
|
|
2019-03-08 |
2019-06-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. |
|
15 |
CVE-2019-9516 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. |
|
16 |
CVE-2019-9513 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. |
|
17 |
CVE-2019-9511 |
400 |
|
DoS |
2019-08-13 |
2019-08-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
|
18 |
CVE-2019-7165 |
119 |
|
Exec Code Overflow |
2019-07-03 |
2019-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. |
|
19 |
CVE-2019-6446 |
502 |
|
Exec Code |
2019-01-16 |
2019-09-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources. |
|
20 |
CVE-2019-5420 |
20 |
|
Exec Code |
2019-03-27 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. |
|
21 |
CVE-2019-0211 |
264 |
|
Exec Code |
2019-04-08 |
2019-06-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. |
|
22 |
CVE-2018-18408 |
416 |
|
DoS |
2018-10-17 |
2019-03-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact. |
|
23 |
CVE-2018-18311 |
119 |
|
Overflow |
2018-12-07 |
2019-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
|
24 |
CVE-2018-14599 |
682 |
|
|
2018-08-24 |
2019-08-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. |
|
25 |
CVE-2018-1111 |
78 |
|
Exec Code |
2018-05-17 |
2019-10-02 |
7.9 |
None |
Local Network |
Medium |
Not required |
Complete |
Complete |
Complete |
|
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. |
|
26 |
CVE-2017-12170 |
|
|
|
2017-09-21 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd. |
|
27 |
CVE-2017-11462 |
415 |
|
|
2017-09-13 |
2017-10-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. |
|
28 |
CVE-2017-5885 |
190 |
|
DoS Exec Code Overflow |
2017-02-28 |
2018-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. |
|
29 |
CVE-2016-10243 |
20 |
|
Exec Code |
2017-05-02 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. |
|
30 |
CVE-2016-9400 |
119 |
|
Exec Code Overflow |
2017-02-22 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. |
|
31 |
CVE-2016-9299 |
90 |
|
Exec Code |
2017-01-12 |
2019-05-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. |
|
32 |
CVE-2016-9085 |
190 |
|
Overflow |
2017-02-03 |
2017-02-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. |
|
33 |
CVE-2016-9013 |
798 |
|
|
2016-12-09 |
2017-11-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. |
|
34 |
CVE-2016-8606 |
284 |
|
Exec Code |
2017-01-12 |
2017-01-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. |
|
35 |
CVE-2016-7966 |
94 |
|
|
2016-12-23 |
2016-12-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. |
|
36 |
CVE-2016-7953 |
119 |
|
Overflow |
2016-12-13 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. |
|
37 |
CVE-2016-7951 |
125 |
|
Overflow |
2016-12-13 |
2016-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. |
|
38 |
CVE-2016-7950 |
787 |
|
|
2016-12-13 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. |
|
39 |
CVE-2016-7949 |
787 |
|
Overflow |
2016-12-13 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. |
|
40 |
CVE-2016-7948 |
787 |
|
|
2016-12-13 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. |
|
41 |
CVE-2016-7947 |
787 |
|
Overflow |
2016-12-13 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. |
|
42 |
CVE-2016-7944 |
190 |
|
Overflow +Priv |
2016-12-13 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. |
|
43 |
CVE-2016-7943 |
787 |
|
+Priv |
2016-12-13 |
2018-09-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. |
|
44 |
CVE-2016-7942 |
787 |
|
+Priv |
2016-12-13 |
2018-09-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. |
|
45 |
CVE-2016-7545 |
284 |
|
Exec Code |
2017-01-19 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. |
|
46 |
CVE-2016-7543 |
20 |
|
Exec Code |
2017-01-19 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. |
|
47 |
CVE-2016-7405 |
89 |
|
Sql |
2016-10-03 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. |
|
48 |
CVE-2016-7167 |
190 |
|
Overflow |
2016-10-07 |
2018-11-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. |
|
49 |
CVE-2016-6515 |
20 |
|
DoS |
2016-08-07 |
2018-09-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. |
|
50 |
CVE-2016-6233 |
89 |
|
Sql |
2017-02-16 |
2018-10-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. |
