redhat/fedora: The latest CVE Vulnerabilities and Exploits for Penetration Test

Last Updated: 2023-05-04

Page content

redhat/fedora Vulnerability Summary

Vendor name: redhat
Product name: fedora
Total vulnerabilities: 526 (as 2023-05-04)

redhat/fedora Vulnerability List

CVE-2021-45417: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such…

Published: 2022-01-20T18:15:00 Last Modified: 2022-01-26T19:49:00

Summary

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-45417 vulnerability.

References

CVE-2022-21682: Flatpak is a Linux application sandboxing and distribution framework. A path traversal…

Published: 2022-01-13T21:15:00 Last Modified: 2022-02-10T07:52:00

Summary

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the manifest, so running flatpak build against it will gain those permissions. Normally this will not be done, so this is not problem. However, if --mirror-screenshots-url is specified, then flatpak-builder will launch flatpak build --nofilesystem=host appstream-utils mirror-screenshots after finalization, which can lead to issues even with the --nofilesystem=host protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the appstream-util binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of --nofilesystem=home and --nofilesystem=host.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2022-21682 vulnerability.

References

CVE-2021-43860: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3…

Published: 2022-01-12T22:15:00 Last Modified: 2022-02-10T15:03:00

Summary

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn’t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there’s a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the “xa.metadata” key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the actual metadata, from the “metadata” file to ensure it wasn’t lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from before the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata.

Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions

CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-43860 vulnerability.

References

Published: 2022-01-01T06:15:00 Last Modified: 2022-02-11T15:32:00

Summary

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Common Weakness Enumeration (CWE): CWE-565: Reliance on Cookies without Validation and Integrity Checking

CWE Description: The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-41819 vulnerability.

References

CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of…

Published: 2022-01-01T05:15:00 Last Modified: 2022-01-11T21:31:00

Summary

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-41817 vulnerability.

References

CVE-2021-4166: vim is vulnerable to Out-of-bounds Read

Published: 2021-12-25T19:15:00 Last Modified: 2022-02-04T15:45:00

Summary

vim is vulnerable to Out-of-bounds Read

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4166 vulnerability.

References

CVE-2021-3621: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via…

Published: 2021-12-23T21:15:00 Last Modified: 2022-01-07T16:18:00

Summary

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3621 vulnerability.

References

CVE-2021-3622: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted…

Published: 2021-12-23T21:15:00 Last Modified: 2022-01-10T13:37:00

Summary

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3622 vulnerability.

References

CVE-2021-4024: A flaw was found in podman. The `podman machine` function (used to create and manage Podman…

Published: 2021-12-23T20:15:00 Last Modified: 2022-02-08T03:15:00

Summary

A flaw was found in podman. The podman machine function (used to create and manage Podman virtual machine containing a Podman process) spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host’s firewall, an attacker can potentially use the gvproxy API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host’s services by forwarding all ports to the VM.

Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error

CWE Description: The software does not properly verify that the source of data or communication is valid.

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4024 vulnerability.

References

CVE-2021-45463: load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command…

Published: 2021-12-23T06:15:00 Last Modified: 2022-02-07T19:13:00

Summary

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-45463 vulnerability.

References

CVE-2021-44733: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through…

Published: 2021-12-22T17:15:00 Last Modified: 2022-01-14T07:15:00

Summary

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 3.4
CVSS: 4.4
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-44733 vulnerability.

References

CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a…

Published: 2021-12-15T20:15:00 Last Modified: 2022-01-10T14:10:00

Summary

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-45078 vulnerability.

References

CVE-2021-4104: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has…

Published: 2021-12-14T12:15:00 Last Modified: 2022-02-07T16:16:00

Summary

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

Impact Score: 6.4
Exploitability Score: 6.8
CVSS: 6.0
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4104 vulnerability.

References

CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in…

Published: 2021-12-08T22:15:00 Last Modified: 2022-01-04T16:09:00

Summary

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4048 vulnerability.

References

CVE-2021-3802: A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image…

Published: 2021-11-29T16:15:00 Last Modified: 2021-12-01T15:44:00

Summary

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.9
Exploitability Score: 6.8
CVSS: 6.3
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3802 vulnerability.

References

CVE-2021-3672: A flaw was found in c-ares library, where a missing input validation check of host names returned…

Published: 2021-11-23T19:15:00 Last Modified: 2021-12-14T18:29:00

Summary

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3672 vulnerability.

References

CVE-2021-3935: When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can…

Published: 2021-11-22T16:15:00 Last Modified: 2022-02-14T15:15:00

Summary

When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.

Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3935 vulnerability.

References

CVE-2021-3746: A flaw was found in the libtpms code that may cause access beyond the boundary of internal…

Published: 2021-10-19T15:15:00 Last Modified: 2021-10-22T20:28:00

Summary

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2’s volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.9
Exploitability Score: 8.6
CVSS: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3746 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1998588

CVE-2021-32672: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua…

Published: 2021-10-04T18:15:00 Last Modified: 2021-11-28T23:16:00

Summary

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-32672 vulnerability.

References

CVE-2021-39251: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <…

Published: 2021-09-07T15:15:00 Last Modified: 2021-11-29T21:29:00

Summary

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-39251 vulnerability.

References

CVE-2021-33285: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the…

Published: 2021-09-07T14:15:00 Last Modified: 2021-11-29T21:36:00

Summary

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the “bytes_in_use” field should be less than the “bytes_allocated” field. When it is not, the parsing of the records proceeds into the wild.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-33285 vulnerability.

References

CVE-2021-3634: A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two…

Published: 2021-08-31T17:15:00 Last Modified: 2022-02-07T16:16:00

Summary

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating “secret_hash” of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3634 vulnerability.

References

CVE-2021-40153: squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory…

Published: 2021-08-27T15:15:00 Last Modified: 2021-10-07T17:48:00

Summary

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-40153 vulnerability.

References

CVE-2021-3573: A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found…

Published: 2021-08-13T14:15:00 Last Modified: 2021-08-24T19:21:00

Summary

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3573 vulnerability.

References

CVE-2021-3635: A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A…

Published: 2021-08-13T14:15:00 Last Modified: 2021-08-23T20:33:00

Summary

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3635 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1976946

CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can…

Published: 2021-08-12T15:15:00 Last Modified: 2021-12-02T20:40:00

Summary

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20314 vulnerability.

References

CVE-2021-3570: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when…

Published: 2021-07-09T11:15:00 Last Modified: 2021-09-14T14:42:00

Summary

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 8.5
Exploitability Score: 8.0
CVSS: 8.0
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C

Impact

Availability: COMPLETE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3570 vulnerability.

References

CVE-2021-3571: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a…

Published: 2021-07-09T11:15:00 Last Modified: 2021-09-14T14:43:00

Summary

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 4.9
Exploitability Score: 8.0
CVSS: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3571 vulnerability.

References

CVE-2021-3612: An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in…

Published: 2021-07-09T11:15:00 Last Modified: 2021-12-17T01:15:00

Summary

An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3612 vulnerability.

References

CVE-2021-3592: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T18:04:00

Summary

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘bootp_t’ structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer

CWE Description: The program accesses or uses a pointer that has not been initialized.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3592 vulnerability.

References

CVE-2021-3593: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

Published: 2021-06-15T21:15:00 Last Modified: 2021-09-20T13:52:00

Summary

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer

CWE Description: The program accesses or uses a pointer that has not been initialized.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3593 vulnerability.

References

CVE-2021-3594: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T18:04:00

Summary

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer

CWE Description: The program accesses or uses a pointer that has not been initialized.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3594 vulnerability.

References

CVE-2021-3595: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T17:01:00

Summary

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the ’tftp_t’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer

CWE Description: The program accesses or uses a pointer that has not been initialized.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3595 vulnerability.

References

CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-21T16:54:00

Summary

A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3532 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956464

CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…

Published: 2021-06-09T12:15:00 Last Modified: 2021-06-17T17:21:00

Summary

A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

Impact Score: 2.9
Exploitability Score: 1.9
CVSS: 1.2
CVSS Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: HIGH
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3533 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956477

CVE-2021-3565: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a…

Published: 2021-06-04T12:15:00 Last Modified: 2021-12-02T13:55:00

Summary

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-665: Improper Initialization

CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3565 vulnerability.

References

CVE-2021-3516: There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit…

Published: 2021-06-01T14:15:00 Last Modified: 2022-02-07T16:16:00

Summary

There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3516 vulnerability.

References

CVE-2021-3543: A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that…

Published: 2021-06-01T14:15:00 Last Modified: 2021-06-11T19:14:00

Summary

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3543 vulnerability.

References

CVE-2021-20236: A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious…

Published: 2021-05-28T11:15:00 Last Modified: 2021-06-02T15:35:00

Summary

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20236 vulnerability.

References

CVE-2021-20239: A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw…

Published: 2021-05-28T11:15:00 Last Modified: 2021-06-02T15:28:00

Summary

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-822: Untrusted Pointer Dereference

CWE Description: The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20239 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1923636

CVE-2021-20292: There is a flaw reported in the Linux kernel in versions before 5.9 in…

Published: 2021-05-28T11:15:00 Last Modified: 2021-06-23T02:15:00

Summary

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20292 vulnerability.

References

CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a…

Published: 2021-05-28T11:15:00 Last Modified: 2021-09-14T17:38:00

Summary

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion

CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-25710 vulnerability.

References

CVE-2021-30501: An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow…

Published: 2021-05-27T00:15:00 Last Modified: 2021-06-08T01:59:00

Summary

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30501 vulnerability.

References

CVE-2021-30500: Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version…

Published: 2021-05-27T00:15:00 Last Modified: 2021-06-08T02:05:00

Summary

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30500 vulnerability.

References

CVE-2021-30471: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary…

Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T15:04:00

Summary

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion

CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30471 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947441

CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function…

Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T16:29:00

Summary

A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30469 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947433

CVE-2021-30470: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),…

Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T02:07:00

Summary

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion

CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30470 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1947436

CVE-2021-20297: A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a…

Published: 2021-05-26T21:15:00 Last Modified: 2021-06-03T17:20:00

Summary

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20297 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1943282

CVE-2021-20178: A flaw was found in ansible module where credentials are disclosed in the console log by default…

Published: 2021-05-26T12:15:00 Last Modified: 2021-06-03T15:57:00

Summary

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20178 vulnerability.

References

CVE-2021-3426: There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to…

Published: 2021-05-20T13:15:00 Last Modified: 2022-02-07T16:16:00

Summary

There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 5.1
CVSS: 2.7
CVSS Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2021-3426 vulnerability.

References

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who…

Published: 2021-05-19T14:15:00 Last Modified: 2021-07-20T11:15:00

Summary

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature

CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3421 vulnerability.

References

CVE-2021-3445: A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This…

Published: 2021-05-19T14:15:00 Last Modified: 2021-06-02T14:58:00

Summary

A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature

CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3445 vulnerability.

References

CVE-2021-3517: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An…

Published: 2021-05-19T14:15:00 Last Modified: 2022-02-07T16:16:00

Summary

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3517 vulnerability.

References

CVE-2021-3518: There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted…

Published: 2021-05-18T12:15:00 Last Modified: 2021-12-09T21:30:00

Summary

There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3518 vulnerability.

References

CVE-2021-3531: A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a…

Published: 2021-05-18T12:15:00 Last Modified: 2021-05-25T16:27:00

Summary

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3531 vulnerability.

References

CVE-2021-3524: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before…

Published: 2021-05-17T17:15:00 Last Modified: 2021-09-20T12:15:00

Summary

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3524 vulnerability.

References

CVE-2020-27769: In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of…

Published: 2021-05-14T20:15:00 Last Modified: 2021-05-19T19:08:00

Summary

In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type ‘float’ at MagickCore/quantize.c.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-27769 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1894690

CVE-2021-3537: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors…

Published: 2021-05-14T20:15:00 Last Modified: 2021-12-08T20:19:00

Summary

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3537 vulnerability.

References

CVE-2020-27824: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This…

Published: 2021-05-13T14:15:00 Last Modified: 2021-12-07T19:40:00

Summary

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-27824 vulnerability.

References

CVE-2021-3504: A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of…

Published: 2021-05-11T23:15:00 Last Modified: 2021-06-21T18:35:00

Summary

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3504 vulnerability.

References

CVE-2021-20254: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs)…

Published: 2021-05-05T14:15:00 Last Modified: 2021-06-24T18:30:00

Summary

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 4.9
Exploitability Score: 6.8
CVSS: 4.9
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20254 vulnerability.

References

CVE-2021-3472: A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in…

Published: 2021-04-26T15:15:00 Last Modified: 2021-05-19T12:54:00

Summary

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-191: Integer Underflow (Wrap or Wraparound)

CWE Description: The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3472 vulnerability.

References

CVE-2021-20208: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file…

Published: 2021-04-19T22:15:00 Last Modified: 2021-12-10T19:52:00

Summary

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-266: Incorrect Privilege Assignment

CWE Description: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Scores

Impact Score: 4.9
Exploitability Score: 6.8
CVSS: 4.9
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20208 vulnerability.

References

CVE-2021-3505: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit…

Published: 2021-04-19T21:15:00 Last Modified: 2021-06-03T16:19:00

Summary

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-331: Insufficient Entropy

CWE Description: The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3505 vulnerability.

References

CVE-2021-20288: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles…

Published: 2021-04-15T15:15:00 Last Modified: 2021-06-03T18:28:00

Summary

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn’t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

Impact Score: 6.4
Exploitability Score: 8.0
CVSS: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20288 vulnerability.

References

CVE-2021-3487: There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a…

Published: 2021-04-15T14:15:00 Last Modified: 2021-05-04T12:55:00

Summary

There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

Scores

Impact Score: 6.9
Exploitability Score: 8.6
CVSS: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3487 vulnerability.

References

CVE-2021-3482: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation…

Published: 2021-04-08T23:15:00 Last Modified: 2021-09-21T18:15:00

Summary

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3482 vulnerability.

References

CVE-2021-3448: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for…

Published: 2021-04-08T23:15:00 Last Modified: 2022-02-07T16:16:00

Summary

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Common Weakness Enumeration (CWE): CWE-358: Improperly Implemented Security Check for Standard

CWE Description: The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3448 vulnerability.

References

CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification…

Published: 2021-04-05T22:15:00 Last Modified: 2021-12-06T13:57:00

Summary

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20305 vulnerability.

References

CVE-2021-20291: A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1….

Published: 2021-04-01T18:15:00 Last Modified: 2021-06-02T13:13:00

Summary

A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

Common Weakness Enumeration (CWE): CWE-667: Improper Locking

CWE Description: The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Scores

Impact Score: 6.9
Exploitability Score: 8.6
CVSS: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20291 vulnerability.

References

CVE-2021-3447: A flaw was found in several ansible modules, where parameters containing credentials, such as…

Published: 2021-04-01T18:15:00 Last Modified: 2021-06-03T13:47:00

Summary

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3447 vulnerability.

References

CVE-2021-20271: A flaw was found in RPM’s signature check functionality when reading a package file. This flaw…

Published: 2021-03-26T17:15:00 Last Modified: 2021-12-10T19:50:00

Summary

A flaw was found in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Common Weakness Enumeration (CWE): CWE-345: Insufficient Verification of Data Authenticity

CWE Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20271 vulnerability.

References

CVE-2021-3443: A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled…

Published: 2021-03-25T19:15:00 Last Modified: 2021-03-30T16:52:00

Summary

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3443 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1939233

CVE-2021-3446: A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms…

Published: 2021-03-25T19:15:00 Last Modified: 2021-03-26T18:01:00

Summary

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3446 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1939664

CVE-2021-3466: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function…

Published: 2021-03-25T19:15:00 Last Modified: 2021-12-15T14:38:00

Summary

A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3466 vulnerability.

References

CVE-2021-3409: The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU…

Published: 2021-03-23T21:15:00 Last Modified: 2021-05-07T05:15:00

Summary

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3409 vulnerability.

References

CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when…

Published: 2021-03-23T17:15:00 Last Modified: 2021-12-10T17:04:00

Summary

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the “exception” keyword.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20270 vulnerability.

References

CVE-2019-10196: A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent…

Published: 2021-03-19T20:15:00 Last Modified: 2021-03-25T19:21:00

Summary

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

Common Weakness Enumeration (CWE): CWE-665: Improper Initialization

CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Scores

Impact Score: 8.5
Exploitability Score: 10.0
CVSS: 9.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Impact

Availability: COMPLETE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10196 vulnerability.

References

CVE-2021-3416: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in…

Published: 2021-03-18T20:15:00 Last Modified: 2022-01-04T16:38:00

Summary

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-3416 vulnerability.

References

CVE-2020-27827: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause…

Published: 2021-03-18T17:15:00 Last Modified: 2021-08-04T17:14:00

Summary

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

Scores

Impact Score: 6.9
Exploitability Score: 8.6
CVSS: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-27827 vulnerability.

References

CVE-2021-20179: A flaw was found in pki-core. An attacker who has successfully compromised a key could use this…

Published: 2021-03-15T13:15:00 Last Modified: 2021-03-24T01:58:00

Summary

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Scores

Impact Score: 4.9
Exploitability Score: 8.0
CVSS: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20179 vulnerability.

References

CVE-2021-20231: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead…

Published: 2021-03-12T19:15:00 Last Modified: 2021-06-01T14:07:00

Summary

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20231 vulnerability.

References

CVE-2021-20232: A flaw was found in gnutls. A use after free issue in client_send_params in…

Published: 2021-03-12T19:15:00 Last Modified: 2021-05-17T14:30:00

Summary

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20232 vulnerability.

References

CVE-2021-20244: A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted…

Published: 2021-03-09T19:15:00 Last Modified: 2021-03-25T18:45:00

Summary

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-369: Divide By Zero

CWE Description: The product divides a value by zero.

Scores

Impact Score: 6.9
Exploitability Score: 8.6
CVSS: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20244 vulnerability.

References

CVE-2021-20245: A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is…

Published: 2021-03-09T19:15:00 Last Modified: 2022-01-01T18:02:00

Summary

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-369: Divide By Zero

CWE Description: The product divides a value by zero.

Scores

Impact Score: 6.9
Exploitability Score: 8.6
CVSS: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20245 vulnerability.

References

CVE-2021-20246: A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file…

Published: 2021-03-09T19:15:00 Last Modified: 2021-03-25T18:46:00

Summary

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-369: Divide By Zero

CWE Description: The product divides a value by zero.

Scores

Impact Score: 6.9
Exploitability Score: 8.6
CVSS: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20246 vulnerability.

References

CVE-2020-25639: A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality…

Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:47:00

Summary

A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-25639 vulnerability.

References

CVE-2021-3404: In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-…

Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:22:00

Summary

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3404 vulnerability.

References

CVE-2021-3403: In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a…

Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:24:00

Summary

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3403 vulnerability.

References

CVE-2021-20225: A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20225 vulnerability.

References

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-20233 vulnerability.

References

CVE-2020-14372: A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-184: Incomplete List of Disallowed Inputs

CWE Description: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.

Scores

Impact Score: 10.0
Exploitability Score: 1.9
CVSS: 6.2
CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: HIGH
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14372 vulnerability.

References

CVE-2020-25632: A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the…

Published: 2021-03-03T17:15:00 Last Modified: 2021-12-16T20:42:00

Summary

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-25632 vulnerability.

References

CVE-2020-25647: A flaw was found in grub2 in versions prior to 2.06. During USB device initialization,…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-25647 vulnerability.

References

CVE-2020-27749: A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-121: Stack-based Buffer Overflow

CWE Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-27749 vulnerability.

References

CVE-2020-27779: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure…

Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00

Summary

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub’s memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Common Weakness Enumeration (CWE): CWE-285: Improper Authorization

CWE Description: The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-27779 vulnerability.

References

CVE-2021-20229: A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT…

Published: 2021-02-23T18:15:00 Last Modified: 2021-06-09T15:01:00

Summary

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-20229 vulnerability.

References

CVE-2020-25657: A flaw was found in all released versions of m2crypto, where they are vulnerable to…

Published: 2021-01-12T15:15:00 Last Modified: 2021-04-07T14:58:00

Summary

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-25657 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1889823

CVE-2020-25678: A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in…

Published: 2021-01-08T18:15:00 Last Modified: 2021-05-28T19:42:00

Summary

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Common Weakness Enumeration (CWE): CWE-312: Cleartext Storage of Sensitive Information

CWE Description: The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-25678 vulnerability.

References

CVE-2020-27846: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to…

Published: 2020-12-21T16:15:00 Last Modified: 2021-03-31T15:17:00

Summary

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Common Weakness Enumeration (CWE): CWE-115: Misinterpretation of Input

CWE Description: The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-27846 vulnerability.

References

CVE-2020-27781: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila,…

Published: 2020-12-18T21:15:00 Last Modified: 2021-06-03T18:40:00

Summary

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even “admin” users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.

Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials

CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Scores

Impact Score: 4.9
Exploitability Score: 3.9
CVSS: 3.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-27781 vulnerability.

References

CVE-2020-25660: A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before…

Published: 2020-11-23T22:15:00 Last Modified: 2021-05-28T19:43:00

Summary

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

Common Weakness Enumeration (CWE): CWE-294: Authentication Bypass by Capture-replay

CWE Description: A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Scores

Impact Score: 6.4
Exploitability Score: 6.5
CVSS: 5.8
CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2020-25660 vulnerability.

References

CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use…

Published: 2020-11-12T14:15:00 Last Modified: 2022-01-01T18:18:00

Summary

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Common Weakness Enumeration (CWE): CWE-385: Covert Timing Channel

CWE Description: Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-25658 vulnerability.

References

CVE-2020-25648: A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw…

Published: 2020-10-20T22:15:00 Last Modified: 2021-12-07T19:58:00

Summary

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-25648 vulnerability.

References

CVE-2020-14370: An information disclosure vulnerability was found in containers/podman in versions before 2.0.5….

Published: 2020-09-23T13:15:00 Last Modified: 2021-11-04T16:36:00

Summary

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

Common Weakness Enumeration (CWE): CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

CWE Description: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14370 vulnerability.

References

CVE-2020-14382: A vulnerability was found in upstream release cryptsetup-2.2.0 where, there’s a bug in LUKS2…

Published: 2020-09-16T15:15:00 Last Modified: 2022-01-01T18:39:00

Summary

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there’s a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file ’lib/luks2/luks2_json_metadata.c’ in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement “intervals = malloc(first_backup * sizeof(*intervals));”). Due to the bug, library can be tricked to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14382 vulnerability.

References

CVE-2020-14364: An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions…

Published: 2020-08-31T18:15:00 Last Modified: 2020-11-11T06:15:00

Summary

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice ‘setup_len’ exceeds its ‘data_buf[4096]’ in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 3.4
CVSS: 4.4
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-14364 vulnerability.

References

CVE-2020-14352: A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was…

Published: 2020-08-30T15:15:00 Last Modified: 2020-11-09T14:28:00

Summary

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Scores

Impact Score: 10.0
Exploitability Score: 6.8
CVSS: 8.5
CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14352 vulnerability.

References

CVE-2020-15114: In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for…

Published: 2020-08-06T23:15:00 Last Modified: 2021-11-18T18:31:00

Summary

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

Common Weakness Enumeration (CWE): CWE-772: Missing Release of Resource after Effective Lifetime

CWE Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-15114 vulnerability.

References

CVE-2020-15136: In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to…

Published: 2020-08-06T23:15:00 Last Modified: 2021-11-18T18:31:00

Summary

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the –endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.

Common Weakness Enumeration (CWE): CWE-306: Missing Authentication for Critical Function

CWE Description: The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-15136 vulnerability.

References

CVE-2020-10730: A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in…

Published: 2020-07-07T14:15:00 Last Modified: 2021-04-02T16:15:00

Summary

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-10730 vulnerability.

References

CVE-2020-10753: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is…

Published: 2020-06-26T15:15:00 Last Modified: 2021-10-26T20:13:00

Summary

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.

Common Weakness Enumeration (CWE): CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’)

CWE Description: The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-10753 vulnerability.

References

CVE-2020-10757: A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge…

Published: 2020-06-09T13:15:00 Last Modified: 2021-07-21T11:39:00

Summary

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)

CWE Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10757 vulnerability.

References

CVE-2020-10749: A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6,…

Published: 2020-06-03T14:15:00 Last Modified: 2021-05-05T13:57:00

Summary

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Scores

Impact Score: 6.4
Exploitability Score: 6.8
CVSS: 6.0
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-10749 vulnerability.

References

CVE-2020-1695: A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x…

Published: 2020-05-19T15:15:00 Last Modified: 2022-01-01T17:33:00

Summary

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server’s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1695 vulnerability.

References

CVE-2020-1760: A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user…

Published: 2020-04-23T15:15:00 Last Modified: 2021-09-16T15:46:00

Summary

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1760 vulnerability.

References

CVE-2020-1730: A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR…

Published: 2020-04-13T19:15:00 Last Modified: 2021-09-14T13:39:00

Summary

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn’t been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1730 vulnerability.

References

CVE-2020-1759: A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2…

Published: 2020-04-13T13:15:00 Last Modified: 2021-08-04T17:15:00

Summary

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.

Common Weakness Enumeration (CWE): CWE-323: Reusing a Nonce, Key Pair in Encryption

CWE Description: Nonces should be used for the present occasion and only once.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1759 vulnerability.

References

CVE-2019-14905: A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8,…

Published: 2020-03-31T17:15:00 Last Modified: 2021-11-02T18:09:00

Summary

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible’s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere

CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14905 vulnerability.

References

CVE-2020-10684: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9…

Published: 2020-03-24T14:15:00 Last Modified: 2021-12-20T22:54:00

Summary

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

Impact Score: 4.9
Exploitability Score: 3.9
CVSS: 3.6
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-10684 vulnerability.

References

CVE-2020-1739: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a…

Published: 2020-03-12T18:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument “password” of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 4.9
Exploitability Score: 3.4
CVSS: 3.3
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1739 vulnerability.

References

CVE-2020-1733: A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and…

Published: 2020-03-11T19:15:00 Last Modified: 2021-08-07T15:15:00

Summary

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with “umask 77 && mkdir -p

”; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating ‘/proc//cmdline’.

Common Weakness Enumeration (CWE): CWE-377: Insecure Temporary File

CWE Description: Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Scores

Impact Score: 6.4
Exploitability Score: 1.9
CVSS: 3.7
CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-1733 vulnerability.

References

CVE-2014-8089: SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before…

Published: 2020-02-17T22:15:00 Last Modified: 2020-02-20T15:04:00

Summary

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-8089 vulnerability.

References

CVE-2020-8945: The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as…

Published: 2020-02-12T18:15:00 Last Modified: 2020-07-24T03:15:00

Summary

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-8945 vulnerability.

References

CVE-2020-6402: Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87…

Published: 2020-02-11T15:15:00 Last Modified: 2021-09-16T13:16:00

Summary

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-6402 vulnerability.

References

CVE-2015-6815: The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process…

Published: 2020-01-31T22:15:00 Last Modified: 2021-11-30T19:50:00

Summary

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

Impact Score: 2.9
Exploitability Score: 5.1
CVSS: 2.7
CVSS Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2015-6815 vulnerability.

References

CVE-2011-4088: ABRT might allow attackers to obtain sensitive information from crash reports.

Published: 2020-01-31T17:15:00 Last Modified: 2020-02-05T19:01:00

Summary

ABRT might allow attackers to obtain sensitive information from crash reports.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-4088 vulnerability.

References

CVE-2019-20444: HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which…

Published: 2020-01-29T21:15:00 Last Modified: 2021-09-14T12:45:00

Summary

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an “invalid fold.”

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-20444 vulnerability.

References

CVE-2019-20445: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by…

Published: 2020-01-29T21:15:00 Last Modified: 2021-09-14T12:45:00

Summary

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-20445 vulnerability.

References

CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding…

Published: 2020-01-27T17:15:00 Last Modified: 2021-05-27T16:21:00

Summary

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-7238 vulnerability.

References

CVE-2019-14907: All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an…

Published: 2020-01-21T18:15:00 Last Modified: 2021-05-29T13:15:00

Summary

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with “log level = 3” (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 4.9
CVSS: 2.6
CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14907 vulnerability.

References

CVE-2020-6377: Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to…

Published: 2020-01-10T22:15:00 Last Modified: 2021-07-21T11:39:00

Summary

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-6377 vulnerability.

References

CVE-2012-4451: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow…

Published: 2020-01-03T17:15:00 Last Modified: 2020-01-14T18:51:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-4451 vulnerability.

References

CVE-2012-5474: The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS…

Published: 2019-12-30T20:15:00 Last Modified: 2021-03-09T14:45:00

Summary

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

Common Weakness Enumeration (CWE): CWE-311: Missing Encryption of Sensitive Data

CWE Description: The software does not encrypt sensitive or critical information before storage or transmission.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-5474 vulnerability.

References

CVE-2019-16775: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible…

Published: 2019-12-13T01:15:00 Last Modified: 2021-10-20T11:15:00

Summary

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user’s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the –ignore-scripts install option.

Common Weakness Enumeration (CWE): CWE-61: UNIX Symbolic Link (Symlink) Following

CWE Description: The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16775 vulnerability.

References

CVE-2019-16776: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to…

Published: 2019-12-13T01:15:00 Last Modified: 2020-10-07T16:49:00

Summary

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user’s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the –ignore-scripts install option.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Scores

Impact Score: 4.9
Exploitability Score: 8.0
CVSS: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16776 vulnerability.

References

CVE-2019-16777: Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails…

Published: 2019-12-13T01:15:00 Last Modified: 2020-10-09T13:36:00

Summary

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the –ignore-scripts install option.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

Impact Score: 4.9
Exploitability Score: 8.0
CVSS: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16777 vulnerability.

References

CVE-2019-13730: Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to…

Published: 2019-12-10T22:15:00 Last Modified: 2022-01-01T20:07:00

Summary

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-843: Access of Resource Using Incompatible Type (‘Type Confusion’)

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-13730 vulnerability.

References

CVE-2013-2166: python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

Published: 2019-12-10T15:15:00 Last Modified: 2020-08-18T15:05:00

Summary

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

Common Weakness Enumeration (CWE): CWE-326: Inadequate Encryption Strength

CWE Description: The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-2166 vulnerability.

References

CVE-2019-19334: In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way…

Published: 2019-12-06T16:15:00 Last Modified: 2019-12-18T18:15:00

Summary

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type “identityref”. An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-19334 vulnerability.

References

CVE-2019-5544: OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has…

Published: 2019-12-06T16:15:00 Last Modified: 2022-02-03T19:50:00

Summary

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5544 vulnerability.

References

CVE-2013-4235: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Published: 2019-12-03T15:15:00 Last Modified: 2021-02-25T17:15:00

Summary

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Scores

Impact Score: 4.9
Exploitability Score: 3.4
CVSS: 3.3
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2013-4235 vulnerability.

References

CVE-2019-18660: The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB…

Published: 2019-11-27T23:15:00 Last Modified: 2020-01-28T19:47:00

Summary

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 3.4
CVSS: 1.9
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-18660 vulnerability.

References

CVE-2016-4980: A password generation weakness exists in xquest through 2016-06-13.

Published: 2019-11-27T16:15:00 Last Modified: 2020-01-09T21:15:00

Summary

A password generation weakness exists in xquest through 2016-06-13.

Common Weakness Enumeration (CWE): CWE-330: Use of Insufficiently Random Values

CWE Description: The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Scores

Impact Score: 2.9
Exploitability Score: 3.4
CVSS: 1.9
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-4980 vulnerability.

References

CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32,…

Published: 2019-11-27T09:15:00 Last Modified: 2020-01-03T11:15:00

Summary

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14896 vulnerability.

References

CVE-2012-5644: libuser has information disclosure when moving user’s home directory

Published: 2019-11-25T15:15:00 Last Modified: 2020-08-18T15:05:00

Summary

libuser has information disclosure when moving user’s home directory

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact

Availability: NONE
Confidentiality: COMPLETE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-5644 vulnerability.

References

CVE-2019-13723: Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker…

Published: 2019-11-25T15:15:00 Last Modified: 2020-08-24T17:37:00

Summary

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-13723 vulnerability.

References

CVE-2012-5630: libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and…

Published: 2019-11-25T14:15:00 Last Modified: 2019-12-04T15:43:00

Summary

libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Scores

Impact Score: 4.9
Exploitability Score: 3.4
CVSS: 3.3
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-5630 vulnerability.

References

Published: 2019-11-25T11:15:00 Last Modified: 2020-02-28T18:10:00

Summary

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.

Common Weakness Enumeration (CWE): CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE Description: The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Scores

Impact Score: 6.4
Exploitability Score: 6.8
CVSS: 6.0
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14891 vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891

CVE-2019-11287: Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for…

Published: 2019-11-23T00:15:00 Last Modified: 2021-08-04T17:15:00

Summary

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The “X-Reason” HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Common Weakness Enumeration (CWE): CWE-134: Use of Externally-Controlled Format String

CWE Description: The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-11287 vulnerability.

References

CVE-2015-7810: libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Published: 2019-11-22T15:15:00 Last Modified: 2020-08-18T15:05:00

Summary

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Scores

Impact Score: 4.9
Exploitability Score: 3.4
CVSS: 3.3
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2015-7810 vulnerability.

References

CVE-2013-1817: MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which…

Published: 2019-11-20T20:15:00 Last Modified: 2019-11-21T14:54:00

Summary

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-1817 vulnerability.

References

CVE-2013-1816: MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of…

Published: 2019-11-20T20:15:00 Last Modified: 2019-11-21T14:58:00

Summary

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-1816 vulnerability.

References

CVE-2012-6136: tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill…

Published: 2019-11-20T15:15:00 Last Modified: 2020-08-18T15:05:00

Summary

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions

CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-6136 vulnerability.

References

CVE-2014-5118: Trusted Boot (tboot) before 1.8.2 has a ’loader.c’ Security Bypass Vulnerability

Published: 2019-11-18T23:15:00 Last Modified: 2020-01-10T14:15:00

Summary

Trusted Boot (tboot) before 1.8.2 has a ’loader.c’ Security Bypass Vulnerability

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2014-5118 vulnerability.

References

CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux…

Published: 2019-11-18T06:15:00 Last Modified: 2021-06-14T18:15:00

Summary

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

Impact Score: 6.9
Exploitability Score: 3.4
CVSS: 4.7
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19066 vulnerability.

References

CVE-2019-19072: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the…

Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00

Summary

A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19072 vulnerability.

References

CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel…

Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00

Summary

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

Impact Score: 6.9
Exploitability Score: 3.4
CVSS: 4.7
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19062 vulnerability.

References

CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in…

Published: 2019-11-18T06:15:00 Last Modified: 2020-08-24T17:37:00

Summary

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-19068 vulnerability.

References

CVE-2019-19012: An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before…

Published: 2019-11-17T18:15:00 Last Modified: 2020-08-24T17:37:00

Summary

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-19012 vulnerability.

References

CVE-2011-2726: An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the…

Published: 2019-11-15T17:15:00 Last Modified: 2019-12-03T19:49:00

Summary

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-2726 vulnerability.

References

CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple…

Published: 2019-11-14T20:15:00 Last Modified: 2020-07-15T03:15:00

Summary

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-12207 vulnerability.

References

CVE-2019-14818: A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before…

Published: 2019-11-14T17:15:00 Last Modified: 2021-11-02T18:28:00

Summary

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14818 vulnerability.

References

CVE-2012-1156: Moodle before 2.2.2 has users’ private files included in course backups

Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:41:00

Summary

Moodle before 2.2.2 has users’ private files included in course backups

Common Weakness Enumeration (CWE): CWE-532: Insertion of Sensitive Information into Log File

CWE Description: This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-1156 vulnerability.

References

CVE-2012-1168: Moodle before 2.2.2 has a password and web services issue where when the user profile is updated…

Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:32:00

Summary

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-1168 vulnerability.

References

CVE-2012-1155: Moodle has a database activity export permission issue where the export function of the database…

Published: 2019-11-14T16:15:00 Last Modified: 2019-11-22T18:44:00

Summary

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-1155 vulnerability.

References

CVE-2010-4661: udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

Published: 2019-11-13T21:15:00 Last Modified: 2019-11-18T19:30:00

Summary

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

Common Weakness Enumeration (CWE): CWE-434: Unrestricted Upload of File with Dangerous Type

CWE Description: This can be resultant from client-side enforcement (CWE-602); some products will include web script in web clients to check the filename, without verifying on the server side.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2010-4661 vulnerability.

References

CVE-2013-1820: tuned before 2.x allows local users to kill running processes due to insecure permissions with…

Published: 2019-11-08T15:15:00 Last Modified: 2019-11-14T15:43:00

Summary

tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned’s ktune service.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.9
Exploitability Score: 3.4
CVSS: 4.7
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2013-1820 vulnerability.

References

CVE-2019-10222: A flaw was found in the Ceph RGW configuration with Beast as the front end handling client…

Published: 2019-11-08T15:15:00 Last Modified: 2020-12-04T18:15:00

Summary

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Common Weakness Enumeration (CWE): CWE-755: Improper Handling of Exceptional Conditions

CWE Description: The software does not handle or incorrectly handles an exceptional condition.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10222 vulnerability.

References

CVE-2019-18811: A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux…

Published: 2019-11-07T16:15:00 Last Modified: 2020-08-24T17:37:00

Summary

A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-18811 vulnerability.

References

CVE-2016-1000037: Pagure: XSS possible in file attachment endpoint

Published: 2019-11-06T19:15:00 Last Modified: 2019-11-08T17:43:00

Summary

Pagure: XSS possible in file attachment endpoint

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-1000037 vulnerability.

References

CVE-2013-5123: The mirroring support (-M, –use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and…

Published: 2019-11-05T22:15:00 Last Modified: 2019-11-12T19:51:00

Summary

The mirroring support (-M, –use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2013-5123 vulnerability.

phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect by LiquidWorm at 2013-01-13

References

CVE-2013-4409: An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review…

Published: 2019-11-04T21:15:00 Last Modified: 2019-11-08T21:34:00

Summary

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4409 vulnerability.

References

CVE-2015-8980: The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote…

Published: 2019-11-04T21:15:00 Last Modified: 2019-11-06T14:30:00

Summary

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-8980 vulnerability.

References

CVE-2013-4251: The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Published: 2019-11-04T20:15:00 Last Modified: 2019-11-08T18:51:00

Summary

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2013-4251 vulnerability.

References

CVE-2013-4751: php-symfony2-Validator has loss of information during serialization

Published: 2019-11-01T13:15:00 Last Modified: 2019-11-06T15:53:00

Summary

php-symfony2-Validator has loss of information during serialization

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 4.9
Exploitability Score: 6.8
CVSS: 4.9
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4751 vulnerability.

References

CVE-2019-17596: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic…

Published: 2019-10-24T22:15:00 Last Modified: 2021-11-30T19:42:00

Summary

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Common Weakness Enumeration (CWE): CWE-436: Interpretation Conflict

CWE Description: Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-17596 vulnerability.

References

CVE-2019-15166: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

Published: 2019-10-03T17:15:00 Last Modified: 2021-09-23T20:15:00

Summary

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-15166 vulnerability.

References

CVE-2018-14462: The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14462 vulnerability.

References

CVE-2018-14463: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14463 vulnerability.

References

CVE-2018-14469: The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14469 vulnerability.

References

CVE-2018-14461: The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14461 vulnerability.

References

CVE-2018-14467: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14467 vulnerability.

References

CVE-2018-14465: The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14465 vulnerability.

References

CVE-2018-14468: The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14468 vulnerability.

References

CVE-2018-14882: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14882 vulnerability.

References

CVE-2018-14881: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14881 vulnerability.

References

CVE-2018-14470: The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14470 vulnerability.

References

CVE-2018-14464: The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14464 vulnerability.

References

CVE-2018-14466: The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14466 vulnerability.

References

CVE-2018-14879: The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14879 vulnerability.

References

CVE-2018-14880: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14880 vulnerability.

References

CVE-2018-16227: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16227 vulnerability.

References

CVE-2018-16229: The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16229 vulnerability.

References

CVE-2018-16451: The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16451 vulnerability.

References

CVE-2018-16228: The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16228 vulnerability.

References

CVE-2018-16230: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()…

Published: 2019-10-03T16:15:00 Last Modified: 2020-01-20T13:15:00

Summary

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16230 vulnerability.

References

CVE-2019-16942: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10….

Published: 2019-10-01T17:15:00 Last Modified: 2021-07-20T23:15:00

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16942 vulnerability.

References

CVE-2019-16943: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10….

Published: 2019-10-01T17:15:00 Last Modified: 2021-07-20T23:15:00

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16943 vulnerability.

References

CVE-2019-16276: Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Published: 2019-09-30T19:15:00 Last Modified: 2021-03-22T13:19:00

Summary

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16276 vulnerability.

References

CVE-2019-10092: In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting…

Published: 2019-09-26T16:15:00 Last Modified: 2021-09-09T01:05:00

Summary

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2019-10092 vulnerability.

Apache Httpd mod_proxy - Error Page Cross-Site Scripting by Sebastian Neef at 2019-10-14

References

CVE-2019-14821: An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way…

Published: 2019-09-19T18:15:00 Last Modified: 2021-06-02T15:22:00

Summary

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel’s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer ‘struct kvm_coalesced_mmio’ object, wherein write indices ‘ring->first’ and ‘ring->last’ value could be supplied by a host user-space process. An unprivileged host user or process with access to ‘/dev/kvm’ device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14821 vulnerability.

References

CVE-2019-14835: A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel’s…

Published: 2019-09-17T16:15:00 Last Modified: 2021-06-02T15:44:00

Summary

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel’s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-14835 vulnerability.

References

CVE-2019-14540: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is…

Published: 2019-09-15T22:15:00 Last Modified: 2021-02-22T21:38:00

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14540 vulnerability.

References

CVE-2019-16335: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is…

Published: 2019-09-15T22:15:00 Last Modified: 2021-02-22T21:42:00

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-16335 vulnerability.

References

CVE-2019-9854: LibreOffice has a feature where documents can specify that pre-installed macros can be executed…

Published: 2019-09-06T19:15:00 Last Modified: 2020-08-24T17:37:00

Summary

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9854 vulnerability.

References

CVE-2019-14813: A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where…

Published: 2019-09-06T14:15:00 Last Modified: 2020-10-16T13:20:00

Summary

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14813 vulnerability.

References

CVE-2019-14811: A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure…

Published: 2019-09-03T16:15:00 Last Modified: 2020-10-16T13:21:00

Summary

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14811 vulnerability.

References

CVE-2019-14817: A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other…

Published: 2019-09-03T16:15:00 Last Modified: 2020-10-16T13:21:00

Summary

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14817 vulnerability.

References

CVE-2019-10086: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows…

Published: 2019-08-20T21:15:00 Last Modified: 2022-02-07T16:15:00

Summary

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10086 vulnerability.

References

CVE-2019-9513: Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of…

Published: 2019-08-13T21:15:00 Last Modified: 2021-01-30T02:36:00

Summary

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9513 vulnerability.

References

CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial…

Published: 2019-08-13T21:15:00 Last Modified: 2020-10-22T17:22:00

Summary

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9515 vulnerability.

References

CVE-2019-9516: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of…

Published: 2019-08-13T21:15:00 Last Modified: 2021-01-30T02:36:00

Summary

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

Scores

Impact Score: 6.9
Exploitability Score: 8.0
CVSS: 6.8
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9516 vulnerability.

References

CVE-2019-9511: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization…

Published: 2019-08-13T21:15:00 Last Modified: 2021-01-30T02:36:00

Summary

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9511 vulnerability.

References

CVE-2019-9514: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of…

Published: 2019-08-13T21:15:00 Last Modified: 2020-12-09T00:15:00

Summary

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9514 vulnerability.

References

CVE-2019-9517: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially…

Published: 2019-08-13T21:15:00 Last Modified: 2021-06-06T11:15:00

Summary

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9517 vulnerability.

References

CVE-2019-9518: Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a…

Published: 2019-08-13T21:15:00 Last Modified: 2021-05-27T16:21:00

Summary

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9518 vulnerability.

References

CVE-2019-14379: SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when…

Published: 2019-07-29T12:15:00 Last Modified: 2021-06-14T18:15:00

Summary

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Common Weakness Enumeration (CWE): CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE Description: The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-14379 vulnerability.

References

CVE-2019-13272: In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the…

Published: 2019-07-17T13:15:00 Last Modified: 2021-11-28T23:34:00

Summary

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit’s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 4)

Code designed for conducting penetration testing on CVE-2019-13272 vulnerability.

References

CVE-2019-13616: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-…

Published: 2019-07-16T17:15:00 Last Modified: 2021-11-30T18:51:00

Summary

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-13616 vulnerability.

References

CVE-2019-10164: PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-…

Published: 2019-06-26T16:15:00 Last Modified: 2020-10-02T14:34:00

Summary

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user’s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 8.0
CVSS: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10164 vulnerability.

References

CVE-2019-11038: When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as…

Published: 2019-06-19T00:15:00 Last Modified: 2020-10-16T12:58:00

Summary

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

Common Weakness Enumeration (CWE): CWE-908: Use of Uninitialized Resource

CWE Description: The software uses or accesses a resource that has not been initialized.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-11038 vulnerability.

References

CVE-2019-10155: The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange…

Published: 2019-06-12T14:29:00 Last Modified: 2020-09-30T14:20:00

Summary

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

Common Weakness Enumeration (CWE): CWE-354: Improper Validation of Integrity Check Value

CWE Description: The software does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Scores

Impact Score: 2.9
Exploitability Score: 6.8
CVSS: 3.5
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10155 vulnerability.

References

CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in…

Published: 2019-06-03T22:29:00 Last Modified: 2020-02-25T19:04:00

Summary

An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 6.9
Exploitability Score: 3.4
CVSS: 4.7
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-12614 vulnerability.

References

CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in…

Published: 2019-06-03T19:29:00 Last Modified: 2020-10-15T14:37:00

Summary

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 6.5
CVSS: 8.3
CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2019-3846 vulnerability.

References

CVE-2019-10143: DISPUTED It was discovered freeradius up to and including version 3.0.19 does not correctly…

Published: 2019-05-24T17:29:00 Last Modified: 2020-09-30T14:22:00

Summary

** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated “there is simply no way for anyone to gain privileges through this alleged issue.”

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-10143 vulnerability.

References

CVE-2019-10132: A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-…

Published: 2019-05-22T18:29:00 Last Modified: 2019-06-11T16:29:00

Summary

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

Impact Score: 6.4
Exploitability Score: 8.0
CVSS: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10132 vulnerability.

References

CVE-2019-3839: It was found that in ghostscript some privileged operators remained accessible from various…

Published: 2019-05-16T19:29:00 Last Modified: 2020-10-15T14:31:00

Summary

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3839 vulnerability.

References

CVE-2019-11036: When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below…

Published: 2019-05-03T20:29:00 Last Modified: 2020-10-02T13:14:00

Summary

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-11036 vulnerability.

References

CVE-2019-3900: An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and…

Published: 2019-04-25T15:29:00 Last Modified: 2021-12-15T15:41:00

Summary

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

Impact Score: 6.9
Exploitability Score: 8.0
CVSS: 6.8
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3900 vulnerability.

References

CVE-2019-11235: FreeRADIUS before 3.0.19 mishandles the “each participant verifies that the received scalar is…

Published: 2019-04-22T11:29:00 Last Modified: 2019-05-13T18:29:00

Summary

FreeRADIUS before 3.0.19 mishandles the “each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used” protection mechanism, aka a “Dragonblood” issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

Common Weakness Enumeration (CWE): CWE-345: Insufficient Verification of Data Authenticity

CWE Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-11235 vulnerability.

References

CVE-2019-11234: FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a…

Published: 2019-04-22T11:29:00 Last Modified: 2019-05-13T18:29:00

Summary

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a “Dragonblood” issue, a similar issue to CVE-2019-9497.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-11234 vulnerability.

References

CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles…

Published: 2019-04-20T00:29:00 Last Modified: 2022-02-07T16:15:00

Summary

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-11358 vulnerability.

References

CVE-2019-3842: In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the…

Published: 2019-04-09T21:29:00 Last Modified: 2022-01-31T18:51:00

Summary

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the “allow_active” element rather than “allow_any”.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

Scores

Impact Score: 6.4
Exploitability Score: 3.4
CVSS: 4.4
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2019-3842 vulnerability.

systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit by Google Security Research at 2019-04-23

References

CVE-2019-3880: A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry…

Published: 2019-04-09T16:29:00 Last Modified: 2019-05-27T08:29:00

Summary

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Scores

Impact Score: 4.9
Exploitability Score: 8.0
CVSS: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3880 vulnerability.

References

CVE-2019-3887: A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access…

Published: 2019-04-09T16:29:00 Last Modified: 2021-11-02T20:18:00

Summary

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0’s APIC register values via L2 guest, when ‘virtualize x2APIC mode’ is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

Scores

Impact Score: 6.9
Exploitability Score: 3.4
CVSS: 4.7
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-3887 vulnerability.

References

CVE-2019-0217: In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when…

Published: 2019-04-08T21:29:00 Last Modified: 2021-06-06T11:15:00

Summary

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Scores

Impact Score: 6.4
Exploitability Score: 6.8
CVSS: 6.0
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-0217 vulnerability.

References

CVE-2019-5419: There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2,…

Published: 2019-03-27T14:29:00 Last Modified: 2020-10-16T19:02:00

Summary

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5419 vulnerability.

References

CVE-2019-5418: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2,…

Published: 2019-03-27T14:29:00 Last Modified: 2020-10-16T19:02:00

Summary

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system’s filesystem to be exposed.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2019-5418 vulnerability.

Rails 5.2.1 - Arbitrary File Content Disclosure by NotoriousRebel at 2019-03-21

References

CVE-2019-3877: A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL…

Published: 2019-03-27T13:29:00 Last Modified: 2019-04-16T18:29:00

Summary

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.

Common Weakness Enumeration (CWE): CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)

CWE Description: A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3877 vulnerability.

References

CVE-2019-3804: It was found that cockpit before version 184 used glib’s base64 decode functionality incorrectly…

Published: 2019-03-26T18:29:00 Last Modified: 2021-10-29T19:25:00

Summary

It was found that cockpit before version 184 used glib’s base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.

Common Weakness Enumeration (CWE): CWE-909: Missing Initialization of Resource

CWE Description: The software does not initialize a critical resource.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3804 vulnerability.

References

CVE-2019-3878: A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse…

Published: 2019-03-26T18:29:00 Last Modified: 2019-05-07T09:29:00

Summary

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3878 vulnerability.

References

CVE-2019-3838: It was found that the forceput operator could be extracted from the DefineResource method in…

Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T14:05:00

Summary

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3838 vulnerability.

References

CVE-2019-3856: An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2…

Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T13:43:00

Summary

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3856 vulnerability.

References

CVE-2019-3835: It was found that the superexec operator was available in the internal dictionary in ghostscript…

Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T13:50:00

Summary

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3835 vulnerability.

References

CVE-2019-3857: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2…

Published: 2019-03-25T19:29:00 Last Modified: 2020-10-15T13:43:00

Summary

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3857 vulnerability.

References

CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2…

Published: 2019-03-21T21:29:00 Last Modified: 2020-10-15T13:42:00

Summary

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3855 vulnerability.

References

CVE-2019-6116: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system…

Published: 2019-03-21T16:01:00 Last Modified: 2020-08-24T17:37:00

Summary

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2019-6116 vulnerability.

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution by Google Security Research at 2019-01-24

References

CVE-2019-6454: An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-…

Published: 2019-03-21T16:01:00 Last Modified: 2022-01-28T19:12:00

Summary

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-6454 vulnerability.

References

CVE-2019-7221: The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

Published: 2019-03-21T16:01:00 Last Modified: 2020-10-15T13:28:00

Summary

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-7221 vulnerability.

References

CVE-2018-12023: An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When…

Published: 2019-03-21T16:00:00 Last Modified: 2020-10-20T22:15:00

Summary

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-12023 vulnerability.

References

CVE-2018-12022: An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When…

Published: 2019-03-21T16:00:00 Last Modified: 2020-10-20T22:15:00

Summary

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-12022 vulnerability.

References

CVE-2019-3816: Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure…

Published: 2019-03-14T22:29:00 Last Modified: 2021-11-02T20:17:00

Summary

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-3816 vulnerability.

References

CVE-2019-9741: An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker…

Published: 2019-03-13T08:29:00 Last Modified: 2021-03-22T13:05:00

Summary

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

Common Weakness Enumeration (CWE): CWE-93: Improper Neutralization of CRLF Sequences (‘CRLF Injection’)

CWE Description: The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9741 vulnerability.

References

CVE-2019-9636: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode…

Published: 2019-03-08T21:29:00 Last Modified: 2020-10-29T14:15:00

Summary

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-9636 vulnerability.

References

CVE-2019-5760: Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5760 vulnerability.

References

CVE-2019-5762: Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T14:53:00

Summary

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5762 vulnerability.

References

CVE-2019-5759: Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to…

Published: 2019-02-19T17:29:00 Last Modified: 2021-09-08T17:21:00

Summary

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5759 vulnerability.

References

CVE-2019-5763: Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE Description: The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5763 vulnerability.

References

CVE-2019-5769: Incorrect handling of invalid end character position when front rendering in Blink in Google…

Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T16:25:00

Summary

Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5769 vulnerability.

References

CVE-2019-5756: Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2019-04-17T17:20:00

Summary

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5756 vulnerability.

References

CVE-2019-5764: Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5764 vulnerability.

References

CVE-2019-5757: An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a…

Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T15:06:00

Summary

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast

CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5757 vulnerability.

References

CVE-2019-5768: DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5768 vulnerability.

References

CVE-2019-5755: Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote…

Published: 2019-02-19T17:29:00 Last Modified: 2019-04-17T15:03:00

Summary

Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5755 vulnerability.

References

CVE-2019-5754: Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an…

Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00

Summary

Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5754 vulnerability.

References

CVE-2019-5773: Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a…

Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00

Summary

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error

CWE Description: The software does not properly verify that the source of data or communication is valid.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5773 vulnerability.

References

CVE-2019-5774: Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google…

Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00

Summary

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5774 vulnerability.

References

CVE-2019-5775: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00

Summary

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5775 vulnerability.

References

CVE-2019-5765: An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

Common Weakness Enumeration (CWE): CWE-312: Cleartext Storage of Sensitive Information

CWE Description: The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5765 vulnerability.

References

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5772 vulnerability.

References

CVE-2019-5782: Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote…

Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00

Summary

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5782 vulnerability.

References

CVE-2019-5778: A missing case for handling special schemes in permission request checks in Extensions in Google…

Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T14:58:00

Summary

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5778 vulnerability.

References

CVE-2019-5758: Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5758 vulnerability.

References

CVE-2019-5767: Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

Common Weakness Enumeration (CWE): CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CWE Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5767 vulnerability.

References

CVE-2019-5761: Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5761 vulnerability.

References

CVE-2019-5770: Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote…

Published: 2019-02-19T17:29:00 Last Modified: 2019-04-18T15:57:00

Summary

Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5770 vulnerability.

References

CVE-2019-5777: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00

Summary

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5777 vulnerability.

References

CVE-2019-5781: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00

Summary

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5781 vulnerability.

References

CVE-2019-5780: Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior…

Published: 2019-02-19T17:29:00 Last Modified: 2021-09-08T17:21:00

Summary

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-5780 vulnerability.

References

CVE-2019-5771: An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5771 vulnerability.

References

CVE-2019-5766: Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5766 vulnerability.

References

CVE-2019-5776: Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81…

Published: 2019-02-19T17:29:00 Last Modified: 2021-07-21T11:39:00

Summary

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5776 vulnerability.

References

CVE-2019-5779: Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a…

Published: 2019-02-19T17:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-5779 vulnerability.

References

CVE-2019-5736: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to…

Published: 2019-02-11T19:29:00 Last Modified: 2021-12-16T18:38:00

Summary

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2019-5736 vulnerability.

References

CVE-2019-1000020: libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0…

Published: 2019-02-04T21:29:00 Last Modified: 2020-08-24T17:37:00

Summary

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-1000020 vulnerability.

References

CVE-2019-1000019: libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2…

Published: 2019-02-04T21:29:00 Last Modified: 2019-11-06T01:15:00

Summary

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-1000019 vulnerability.

References

CVE-2018-17189: In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to…

Published: 2019-01-30T22:29:00 Last Modified: 2021-07-06T16:39:00

Summary

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-17189 vulnerability.

References

CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd…

Published: 2019-01-15T15:29:00 Last Modified: 2021-11-02T20:07:00

Summary

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return ‘/’ (the root directory) instead of ’’ (the empty string / no home directory). This could impact services that restrict the user’s filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

Scores

Impact Score: 2.9
Exploitability Score: 5.1
CVSS: 2.7
CVSS Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2019-3811 vulnerability.

References

CVE-2018-16886: etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper…

Published: 2019-01-14T19:29:00 Last Modified: 2019-10-24T12:24:00

Summary

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16886 vulnerability.

References

CVE-2018-1000877: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0…

Published: 2018-12-20T17:29:00 Last Modified: 2019-11-06T01:15:00

Summary

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.

Common Weakness Enumeration (CWE): CWE-415: Double Free

CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1000877 vulnerability.

References

CVE-2018-1000878: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0…

Published: 2018-12-20T17:29:00 Last Modified: 2019-11-06T01:15:00

Summary

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1000878 vulnerability.

References

CVE-2018-18311: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular…

Published: 2018-12-07T21:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-18311 vulnerability.

References

CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based…

Published: 2018-11-29T18:29:00 Last Modified: 2020-09-29T02:09:00

Summary

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

Common Weakness Enumeration (CWE): CWE-681: Incorrect Conversion between Numeric Types

CWE Description: When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-8786 vulnerability.

References

CVE-2018-19139: An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from…

Published: 2018-11-09T21:29:00 Last Modified: 2020-09-25T12:15:00

Summary

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

Common Weakness Enumeration (CWE): CWE-772: Missing Release of Resource after Effective Lifetime

CWE Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-19139 vulnerability.

References

CVE-2018-14647: Python’s elementtree C accelerator failed to initialise Expat’s hash salt during initialization….

Published: 2018-09-25T00:29:00 Last Modified: 2020-07-29T12:15:00

Summary

Python’s elementtree C accelerator failed to initialise Expat’s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat’s internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Common Weakness Enumeration (CWE): CWE-909: Missing Initialization of Resource

CWE Description: The software does not initialize a critical resource.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-14647 vulnerability.

References

CVE-2018-10845: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen…

Published: 2018-08-22T13:29:00 Last Modified: 2020-10-22T13:18:00

Summary

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-10845 vulnerability.

References

CVE-2018-10846: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM…

Published: 2018-08-22T13:29:00 Last Modified: 2020-10-22T13:19:00

Summary

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of “Just in Time” Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

Impact Score: 2.9
Exploitability Score: 3.4
CVSS: 1.9
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-10846 vulnerability.

References

CVE-2018-10844: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen…

Published: 2018-08-22T13:29:00 Last Modified: 2020-10-22T13:11:00

Summary

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-10844 vulnerability.

References

CVE-2018-1061: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic…

Published: 2018-06-19T12:29:00 Last Modified: 2019-10-03T00:03:00

Summary

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1061 vulnerability.

References

CVE-2018-1060: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic…

Published: 2018-06-18T14:29:00 Last Modified: 2020-01-15T20:15:00

Summary

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib’s apop() method. An attacker could use this flaw to cause denial of service.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1060 vulnerability.

References

CVE-2018-1090: In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and…

Published: 2018-06-18T14:29:00 Last Modified: 2019-10-09T23:38:00

Summary

In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1090 vulnerability.

References

CVE-2018-1111: DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a…

Published: 2018-05-17T16:29:00 Last Modified: 2019-10-03T00:03:00

Summary

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Scores

Impact Score: 10.0
Exploitability Score: 5.5
CVSS: 7.9
CVSS Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: ADJACENT_NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2018-1111 vulnerability.

References

CVE-2018-1098: A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a…

Published: 2018-04-03T16:29:00 Last Modified: 2019-05-06T06:29:00

Summary

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can’t PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1098 vulnerability.

References

CVE-2018-1099: DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS…

Published: 2018-04-03T16:29:00 Last Modified: 2019-05-06T06:29:00

Summary

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2018-1099 vulnerability.

References

CVE-2018-7262: In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function…

Published: 2018-03-19T21:29:00 Last Modified: 2019-02-04T17:25:00

Summary

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn’t handle malformed HTTP headers properly, allowing for denial of service.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-7262 vulnerability.

References

CVE-2018-5730: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP…

Published: 2018-03-06T20:29:00 Last Modified: 2021-09-30T22:15:00

Summary

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a “linkdn” and “containerdn” database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.

Common Weakness Enumeration (CWE): CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)

CWE Description: The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

Scores

Impact Score: 4.9
Exploitability Score: 8.0
CVSS: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-5730 vulnerability.

References

CVE-2018-5729: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP…

Published: 2018-03-06T20:29:00 Last Modified: 2021-10-18T12:11:00

Summary

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 6.4
Exploitability Score: 8.0
CVSS: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-5729 vulnerability.

References

CVE-2018-5345: A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious…

Published: 2018-01-12T00:29:00 Last Modified: 2020-08-24T17:37:00

Summary

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-5345 vulnerability.

References

CVE-2014-1859: (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4)…

Published: 2018-01-08T19:29:00 Last Modified: 2019-04-22T17:48:00

Summary

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2014-1859 vulnerability.

References

CVE-2014-8119: The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of…

Published: 2017-12-29T22:29:00 Last Modified: 2019-04-22T17:48:00

Summary

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-8119 vulnerability.

References

CVE-2017-16818: RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial…

Published: 2017-12-20T17:29:00 Last Modified: 2019-10-03T00:03:00

Summary

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging “full” (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.

Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion

CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-16818 vulnerability.

References

CVE-2015-5740: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP…

Published: 2017-10-18T20:29:00 Last Modified: 2019-05-09T20:13:00

Summary

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5740 vulnerability.

References

CVE-2015-5739: The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP…

Published: 2017-10-18T20:29:00 Last Modified: 2019-05-10T16:45:00

Summary

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by “Content Length” instead of “Content-Length.”

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5739 vulnerability.

References

CVE-2017-13704: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size…

Published: 2017-10-03T01:29:00 Last Modified: 2018-05-11T01:29:00

Summary

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero’s (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-13704 vulnerability.

References

CVE-2017-11610: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x…

Published: 2017-08-23T14:29:00 Last Modified: 2019-10-03T00:03:00

Summary

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions

CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.

Scores

Impact Score: 10.0
Exploitability Score: 8.0
CVSS: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2017-11610 vulnerability.

Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit) by Metasploit at 2017-09-25

References

CVE-2015-3405: ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys…

Published: 2017-08-09T16:29:00 Last Modified: 2020-05-28T14:08:00

Summary

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Common Weakness Enumeration (CWE): CWE-331: Insufficient Entropy

CWE Description: The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3405 vulnerability.

References

CVE-2015-5219: The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions…

Published: 2017-07-21T14:29:00 Last Modified: 2021-04-19T15:13:00

Summary

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Common Weakness Enumeration (CWE): CWE-704: Incorrect Type Conversion or Cast

CWE Description: The software does not correctly convert an object, resource, or structure from one type to a different type.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5219 vulnerability.

References

CVE-2015-5194: The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote…

Published: 2017-07-21T14:29:00 Last Modified: 2018-05-18T01:29:00

Summary

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5194 vulnerability.

References

CVE-2015-5195: ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of…

Published: 2017-07-21T14:29:00 Last Modified: 2018-05-18T01:29:00

Summary

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5195 vulnerability.

References

CVE-2015-5300: The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the…

Published: 2017-07-21T14:29:00 Last Modified: 2018-10-30T16:27:00

Summary

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Common Weakness Enumeration (CWE): CWE-361: 7PK - Time and State

CWE Description: This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses related to the improper management of time and state in an environment that supports simultaneous or near-simultaneous computation by multiple systems, processes, or threads. According to the authors of the Seven Pernicious Kingdoms, “Distributed computation is about time and state. That is, in order for more than one component to communicate, state must be shared, and all that takes time. Most programmers anthropomorphize their work. They think about one thread of control carrying out the entire program in the same way they would if they had to do the job themselves. Modern computers, however, switch between tasks very quickly, and in multi-core, multi-CPU, or distributed systems, two events may take place at exactly the same time. Defects rush to fill the gap between the programmer’s model of how a program executes and what happens in reality. These defects are related to unexpected interactions between threads, processes, time, and information. These interactions happen through shared state: semaphores, variables, the file system, and, basically, anything that can store information.”

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5300 vulnerability.

References

CVE-2017-1000050: JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed…

Published: 2017-07-17T13:18:00 Last Modified: 2021-02-22T14:20:00

Summary

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-1000050 vulnerability.

References

CVE-2016-5177: Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers…

Published: 2017-05-23T04:29:00 Last Modified: 2018-10-30T16:27:00

Summary

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5177 vulnerability.

References

CVE-2016-5178: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers…

Published: 2017-05-23T04:29:00 Last Modified: 2018-10-30T16:27:00

Summary

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5178 vulnerability.

References

CVE-2016-0720: Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Published: 2017-04-21T15:59:00 Last Modified: 2017-04-27T13:26:00

Summary

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0720 vulnerability.

References

CVE-2016-0721: Session fixation vulnerability in pcsd in pcs before 0.9.157.

Published: 2017-04-21T15:59:00 Last Modified: 2017-04-27T16:15:00

Summary

Session fixation vulnerability in pcsd in pcs before 0.9.157.

Common Weakness Enumeration (CWE): CWE-384: Session Fixation

CWE Description: Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0721 vulnerability.

References

CVE-2016-7103: Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers…

Published: 2017-03-15T16:59:00 Last Modified: 2022-02-07T16:15:00

Summary

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-7103 vulnerability.

References

CVE-2016-9446: The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote…

Published: 2017-01-23T21:59:00 Last Modified: 2021-11-30T22:12:00

Summary

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

Common Weakness Enumeration (CWE): CWE-665: Improper Initialization

CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-9446 vulnerability.

References

CVE-2016-7545: SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox…

Published: 2017-01-19T20:59:00 Last Modified: 2018-01-05T02:31:00

Summary

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-7545 vulnerability.

References

CVE-2016-9811: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE…

Published: 2017-01-13T16:59:00 Last Modified: 2021-11-29T21:08:00

Summary

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-9811 vulnerability.

References

CVE-2016-3110: mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial…

Published: 2016-09-26T14:59:00 Last Modified: 2019-05-10T15:34:00

Summary

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-3110 vulnerability.

References

CVE-2016-5766: Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd)…

Published: 2016-08-07T10:59:00 Last Modified: 2019-04-22T17:48:00

Summary

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5766 vulnerability.

References

CVE-2016-2775: ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or…

Published: 2016-07-19T22:59:00 Last Modified: 2020-08-25T20:18:00

Summary

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2775 vulnerability.

References

CVE-2016-5385: PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and…

Published: 2016-07-19T02:00:00 Last Modified: 2021-09-29T16:17:00

Summary

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(‘HTTP_PROXY’) call or (2) a CGI configuration of PHP, aka an “httpoxy” issue.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5385 vulnerability.

References

CVE-2016-5386: The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18…

Published: 2016-07-19T02:00:00 Last Modified: 2019-12-27T16:08:00

Summary

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5386 vulnerability.

References

CVE-2016-5387: The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not…

Published: 2016-07-19T02:00:00 Last Modified: 2021-06-06T11:15:00

Summary

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue. NOTE: the vendor states “This mitigation has been assigned the identifier CVE-2016-5387”; in other words, this is not a CVE ID for a vulnerability.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5387 vulnerability.

References

CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not…

Published: 2016-06-27T10:59:00 Last Modified: 2019-04-22T17:48:00

Summary

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5244 vulnerability.

References

CVE-2016-3096: The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before…

Published: 2016-06-03T14:59:00 Last Modified: 2018-10-30T16:28:00

Summary

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-3096 vulnerability.

References

CVE-2015-8540: Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99,…

Published: 2016-04-14T14:59:00 Last Modified: 2021-06-29T15:15:00

Summary

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-8540 vulnerability.

References

CVE-2016-0739: libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-…

Published: 2016-04-13T17:59:00 Last Modified: 2017-12-09T02:29:00

Summary

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a “bits/bytes confusion bug.”

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0739 vulnerability.

References

CVE-2016-3068: Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext::…

Published: 2016-04-13T16:59:00 Last Modified: 2018-10-30T16:27:00

Summary

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-3068 vulnerability.

References

CVE-2016-3069: Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when…

Published: 2016-04-13T16:59:00 Last Modified: 2018-10-30T16:27:00

Summary

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-3069 vulnerability.

References

CVE-2015-5295: The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and…

Published: 2016-01-20T16:59:00 Last Modified: 2019-06-19T15:53:00

Summary

The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 4.9
Exploitability Score: 8.0
CVSS: 5.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5295 vulnerability.

References

CVE-2015-1779: The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service…

Published: 2016-01-12T19:59:00 Last Modified: 2020-10-05T11:40:00

Summary

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1779 vulnerability.

References

CVE-2015-5254: Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the…

Published: 2016-01-08T19:59:00 Last Modified: 2019-12-17T17:41:00

Summary

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5254 vulnerability.

References

CVE-2015-3196: ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when…

Published: 2015-12-06T20:59:00 Last Modified: 2019-06-13T18:15:00

Summary

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3196 vulnerability.

References

CVE-2015-3195: The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0…

Published: 2015-12-06T20:59:00 Last Modified: 2021-01-19T17:27:00

Summary

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3195 vulnerability.

References

CVE-2015-8126: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before…

Published: 2015-11-13T03:59:00 Last Modified: 2020-09-08T12:30:00

Summary

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-8126 vulnerability.

References

CVE-2015-5225: Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU…

Published: 2015-11-06T21:59:00 Last Modified: 2017-11-04T01:29:00

Summary

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2015-5225 vulnerability.

References

CVE-2015-5234: IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which…

Published: 2015-10-09T14:59:00 Last Modified: 2018-10-30T16:27:00

Summary

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5234 vulnerability.

References

CVE-2015-5235: IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of…

Published: 2015-10-09T14:59:00 Last Modified: 2018-10-30T16:27:00

Summary

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5235 vulnerability.

References

CVE-2015-1819: The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption)…

Published: 2015-08-14T18:59:00 Last Modified: 2019-12-27T16:08:00

Summary

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1819 vulnerability.

References

CVE-2015-5165: The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen…

Published: 2015-08-12T14:59:00 Last Modified: 2022-02-11T14:52:00

Summary

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Common Weakness Enumeration (CWE): CWE-908: Use of Uninitialized Resource

CWE Description: The software uses or accesses a resource that has not been initialized.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5165 vulnerability.

References

CVE-2015-3209: Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute…

Published: 2015-06-15T15:59:00 Last Modified: 2022-02-11T05:40:00

Summary

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3209 vulnerability.

References

CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol…

Published: 2015-05-27T10:59:00 Last Modified: 2021-07-15T19:15:00

Summary

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Common Weakness Enumeration (CWE): CWE-17:

CWE Description:

Scores

Impact Score: 2.9
Exploitability Score: 6.5
CVSS: 3.3
CVSS Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2015-2922 vulnerability.

References

CVE-2015-1774: The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before…

Published: 2015-04-28T14:59:00 Last Modified: 2022-02-07T16:32:00

Summary

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1774 vulnerability.

References

CVE-2014-9660: The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9660 vulnerability.

References

CVE-2014-9664: FreeType before 2.5.4 does not check for the end of the data during certain parsing actions,…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9664 vulnerability.

References

CVE-2014-9667: sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9667 vulnerability.

References

CVE-2014-9669: Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9669 vulnerability.

References

CVE-2014-9670: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9670 vulnerability.

References

CVE-2014-9657: The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9657 vulnerability.

References

CVE-2014-9661: type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9661 vulnerability.

References

CVE-2014-9663: The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field’s value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9663 vulnerability.

References

CVE-2014-9666: The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9666 vulnerability.

References

CVE-2014-9674: The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9674 vulnerability.

References

CVE-2014-9675: bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9675 vulnerability.

References

CVE-2014-9658: The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect…

Published: 2015-02-08T11:59:00 Last Modified: 2018-10-30T16:27:00

Summary

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-9658 vulnerability.

References

CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier,…

Published: 2015-01-21T19:59:00 Last Modified: 2019-02-01T17:53:00

Summary

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-0411 vulnerability.

References

CVE-2015-0407: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers…

Published: 2015-01-21T18:59:00 Last Modified: 2020-09-08T13:00:00

Summary

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-0407 vulnerability.

References

CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows…

Published: 2015-01-21T18:59:00 Last Modified: 2019-02-01T17:58:00

Summary

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-0382 vulnerability.

References

CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows…

Published: 2015-01-21T18:59:00 Last Modified: 2019-02-01T18:04:00

Summary

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.

Scores

Impact Score: 2.9
Exploitability Score: 6.8
CVSS: 3.5
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-0374 vulnerability.

References

CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows…

Published: 2015-01-21T18:59:00 Last Modified: 2019-02-01T18:02:00

Summary

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-0381 vulnerability.

References

CVE-2015-0383: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71…

Published: 2015-01-21T18:59:00 Last Modified: 2020-09-08T13:00:00

Summary

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.

Scores

Impact Score: 7.8
Exploitability Score: 3.4
CVSS: 5.4
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2015-0383 vulnerability.

References

CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier,…

Published: 2015-01-21T15:28:00 Last Modified: 2018-12-18T16:06:00

Summary

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

Scores

Impact Score: 2.9
Exploitability Score: 6.8
CVSS: 3.5
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-6568 vulnerability.

References

CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel…

Published: 2015-01-09T21:59:00 Last Modified: 2020-05-21T17:41:00

Summary

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2014-9529 vulnerability.

References

CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not…

Published: 2015-01-09T21:59:00 Last Modified: 2020-05-21T20:35:00

Summary

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2014-9585 vulnerability.

References

CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn function in…

Published: 2014-12-16T23:59:00 Last Modified: 2021-02-02T18:57:00

Summary

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 2.9
Exploitability Score: 6.8
CVSS: 3.5
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-5353 vulnerability.

References

CVE-2014-7821: OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users…

Published: 2014-11-24T15:59:00 Last Modified: 2018-10-19T18:24:00

Summary

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-7821 vulnerability.

References

CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic…

Published: 2014-10-15T00:55:00 Last Modified: 2021-11-17T22:15:00

Summary

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-3566 vulnerability.

References

CVE-2014-6055: Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer…

Published: 2014-09-30T16:55:00 Last Modified: 2020-10-23T13:15:00

Summary

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.0
CVSS: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-6055 vulnerability.

References

CVE-2014-6051: Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and…

Published: 2014-09-30T16:55:00 Last Modified: 2020-10-23T13:15:00

Summary

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-6051 vulnerability.

References

CVE-2014-4341: MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service…

Published: 2014-07-20T11:12:00 Last Modified: 2021-02-02T19:00:00

Summary

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-4341 vulnerability.

References

CVE-2014-0247: LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and…

Published: 2014-07-03T17:55:00 Last Modified: 2018-10-30T16:27:00

Summary

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0247 vulnerability.

References

CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before…

Published: 2014-06-05T21:55:00 Last Modified: 2019-04-22T17:48:00

Summary

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0195 vulnerability.

References

CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before…

Published: 2014-06-05T21:55:00 Last Modified: 2019-04-22T17:48:00

Summary

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0221 vulnerability.

References

CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict…

Published: 2014-06-05T21:55:00 Last Modified: 2021-11-17T22:15:00

Summary

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the “CCS Injection” vulnerability.

Common Weakness Enumeration (CWE): CWE-326: Inadequate Encryption Strength

CWE Description: The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0224 vulnerability.

References

CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before…

Published: 2014-06-05T21:55:00 Last Modified: 2019-04-22T17:48:00

Summary

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-3470 vulnerability.

References

CVE-2014-1530: The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5,…

Published: 2014-04-30T10:49:00 Last Modified: 2020-08-07T19:19:00

Summary

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1530 vulnerability.

References

CVE-2014-1529: The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5,…

Published: 2014-04-30T10:49:00 Last Modified: 2020-08-06T17:42:00

Summary

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1529 vulnerability.

References

CVE-2014-1531: Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in…

Published: 2014-04-30T10:49:00 Last Modified: 2020-08-07T19:26:00

Summary

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1531 vulnerability.

References

CVE-2014-1532: Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in…

Published: 2014-04-30T10:49:00 Last Modified: 2020-08-06T17:57:00

Summary

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1532 vulnerability.

References

CVE-2014-1523: Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR…

Published: 2014-04-30T10:49:00 Last Modified: 2020-08-07T18:53:00

Summary

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1523 vulnerability.

References

CVE-2014-1524: The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR…

Published: 2014-04-30T10:49:00 Last Modified: 2020-08-06T17:35:00

Summary

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1524 vulnerability.

References

CVE-2014-1518: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0,…

Published: 2014-04-30T10:49:00 Last Modified: 2020-08-07T18:52:00

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1518 vulnerability.

References

CVE-2013-6456: The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete…

Published: 2014-04-15T23:55:00 Last Modified: 2015-01-03T02:22:00

Summary

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to “paths under /proc/$PID/root” and the virInitctlSetRunLevel function.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

Scores

Impact Score: 7.8
Exploitability Score: 4.4
CVSS: 5.8
CVSS Vector: AV:A/AC:M/Au:S/C:N/I:P/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2013-6456 vulnerability.

References

CVE-2014-0160: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle…

Published: 2014-04-07T22:55:00 Last Modified: 2020-10-15T13:29:00

Summary

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 5)

Code designed for conducting penetration testing on CVE-2014-0160 vulnerability.

References

CVE-2011-4930: Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x…

Published: 2014-02-10T18:15:00 Last Modified: 2021-07-15T19:16:00

Summary

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.

Common Weakness Enumeration (CWE): CWE-134: Use of Externally-Controlled Format String

CWE Description: The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

Scores

Impact Score: 6.4
Exploitability Score: 3.4
CVSS: 4.4
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2011-4930 vulnerability.

References

CVE-2014-1479: The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x…

Published: 2014-02-06T05:44:00 Last Modified: 2020-08-10T20:57:00

Summary

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1479 vulnerability.

References

CVE-2014-1481: Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey…

Published: 2014-02-06T05:44:00 Last Modified: 2020-08-11T13:14:00

Summary

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1481 vulnerability.

References

CVE-2014-1486: Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0,…

Published: 2014-02-06T05:44:00 Last Modified: 2020-08-07T19:37:00

Summary

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1486 vulnerability.

References

CVE-2014-1477: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0,…

Published: 2014-02-06T05:44:00 Last Modified: 2020-08-07T19:36:00

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1477 vulnerability.

References

CVE-2014-1482: RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before…

Published: 2014-02-06T05:44:00 Last Modified: 2020-08-11T13:33:00

Summary

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1482 vulnerability.

References

CVE-2014-1487: The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3,…

Published: 2014-02-06T05:44:00 Last Modified: 2020-08-11T13:38:00

Summary

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error

CWE Description: The software does not properly verify that the source of data or communication is valid.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-1487 vulnerability.

References

CVE-2013-5618: Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user…

Published: 2013-12-11T15:55:00 Last Modified: 2020-08-12T14:40:00

Summary

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-5618 vulnerability.

References

CVE-2013-5612: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23…

Published: 2013-12-11T15:55:00 Last Modified: 2020-08-21T18:42:00

Summary

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-5612 vulnerability.

References

CVE-2013-5609: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0,…

Published: 2013-12-11T15:55:00 Last Modified: 2020-08-12T14:42:00

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-5609 vulnerability.

References

CVE-2013-5613: Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox…

Published: 2013-12-11T15:55:00 Last Modified: 2020-08-12T14:45:00

Summary

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-5613 vulnerability.

References

CVE-2013-5616: Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in…

Published: 2013-12-11T15:55:00 Last Modified: 2020-08-12T14:45:00

Summary

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-5616 vulnerability.

References

CVE-2013-5614: Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox…

Published: 2013-12-11T15:55:00 Last Modified: 2020-08-21T18:41:00

Summary

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

Common Weakness Enumeration (CWE): CWE-1021: Improper Restriction of Rendered UI Layers or Frames

Scores

Impact Score: 2.9
Exploitability Score: 8.6
CVSS: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-5614 vulnerability.

References

CVE-2013-6671: The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before…

Published: 2013-12-11T15:55:00 Last Modified: 2020-08-12T14:39:00

Summary

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)

CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-6671 vulnerability.

References

CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel…

Published: 2013-10-10T10:55:00 Last Modified: 2021-07-15T19:16:00

Summary

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4345 vulnerability.

References

CVE-2013-4222: OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3…

Published: 2013-09-30T22:55:00 Last Modified: 2020-06-02T19:46:00

Summary

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

Common Weakness Enumeration (CWE): CWE-522: Insufficiently Protected Credentials

CWE Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Scores

Impact Score: 6.4
Exploitability Score: 8.0
CVSS: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4222 vulnerability.

References

CVE-2013-4124: Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before…

Published: 2013-08-06T02:56:00 Last Modified: 2018-10-30T16:27:00

Summary

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2013-4124 vulnerability.

Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow by x90c at 2013-08-22

References

CVE-2013-4854: The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1,…

Published: 2013-07-29T13:59:00 Last Modified: 2019-04-22T17:48:00

Summary

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4854 vulnerability.

References

CVE-2002-2443: schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not…

Published: 2013-05-29T14:29:00 Last Modified: 2021-02-02T18:44:00

Summary

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2002-2443 vulnerability.

References

CVE-2013-1416: The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT…

Published: 2013-04-19T11:44:00 Last Modified: 2021-02-02T18:40:00

Summary

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 2.9
Exploitability Score: 8.0
CVSS: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-1416 vulnerability.

References

CVE-2012-1568: The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise…

Published: 2013-03-01T05:40:00 Last Modified: 2019-04-22T17:48:00

Summary

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.

Scores

Impact Score: 2.9
Exploitability Score: 3.4
CVSS: 1.9
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-1568 vulnerability.

References

CVE-2012-5536: A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and…

Published: 2013-02-22T00:55:00 Last Modified: 2019-04-22T17:48:00

Summary

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 10.0
Exploitability Score: 1.9
CVSS: 6.2
CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: HIGH
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-5536 vulnerability.

References

CVE-2012-6075: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU…

Published: 2013-02-13T01:55:00 Last Modified: 2020-08-11T15:21:00

Summary

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 10.0
Exploitability Score: 8.6
CVSS: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-6075 vulnerability.

References

CVE-2013-0170: Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in…

Published: 2013-02-08T20:55:00 Last Modified: 2020-10-22T15:40:00

Summary

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-0170 vulnerability.

References

CVE-2012-4453: dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other…

Published: 2012-10-09T23:55:00 Last Modified: 2020-10-09T18:10:00

Summary

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions

CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2012-4453 vulnerability.

References

CVE-2012-1149: Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly…

Published: 2012-06-21T15:55:00 Last Modified: 2017-08-29T01:31:00

Summary

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-1149 vulnerability.

References

CVE-2011-3045: Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01,…

Published: 2012-03-22T16:55:00 Last Modified: 2020-04-14T16:06:00

Summary

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-3045 vulnerability.

References

CVE-2011-1011: The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of…

Published: 2011-02-24T21:00:00 Last Modified: 2019-04-22T17:48:00

Summary

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2011-1011 vulnerability.

References

CVE-2010-4494: Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before…

Published: 2010-12-07T21:00:00 Last Modified: 2020-07-31T18:38:00

Summary

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Common Weakness Enumeration (CWE): CWE-415: Double Free

CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2010-4494 vulnerability.

References

CVE-2010-3702: The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly…

Published: 2010-11-05T18:00:00 Last Modified: 2020-12-23T15:01:00

Summary

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2010-3702 vulnerability.

References

CVE-2010-1772: Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used…

Published: 2010-09-24T19:00:00 Last Modified: 2020-08-14T16:22:00

Summary

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2010-1772 vulnerability.

References

CVE-2010-1773: Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in…

Published: 2010-09-24T19:00:00 Last Modified: 2020-08-14T16:23:00

Summary

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

Common Weakness Enumeration (CWE): CWE-193: Off-by-one Error

CWE Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2010-1773 vulnerability.

References

CVE-2009-3080: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel…

Published: 2009-11-20T17:30:00 Last Modified: 2020-09-09T12:56:00

Summary

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

Common Weakness Enumeration (CWE): CWE-129: Improper Validation of Array Index

CWE Description: The most common condition situation leading to an out-of-bounds array index is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function’s return value, or the resulting value of a calculation directly as an index in to a buffer.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2009-3080 vulnerability.

References

CVE-2009-2910: arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not…

Published: 2009-10-20T17:30:00 Last Modified: 2020-08-07T15:02:00

Summary

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2009-2910 vulnerability.

References

CVE-2009-2848: The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear…

Published: 2009-08-18T21:00:00 Last Modified: 2020-08-28T13:10:00

Summary

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

Impact Score: 8.5
Exploitability Score: 3.4
CVSS: 5.9
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:C

Impact

Availability: COMPLETE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2009-2848 vulnerability.

References

CVE-2009-1573: xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place…

Published: 2009-05-06T17:30:00 Last Modified: 2017-08-17T01:30:00

Summary

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2009-1573 vulnerability.

References

CVE-2008-6552: Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink…

Published: 2009-03-30T16:30:00 Last Modified: 2017-09-29T01:33:00

Summary

Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

Scores

Impact Score: 10.0
Exploitability Score: 3.4
CVSS: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2008-6552 vulnerability.

References

CVE-2008-3832: A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora…

Published: 2008-10-03T17:41:00 Last Modified: 2017-08-08T01:32:00

Summary

A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2008-3832 vulnerability.

Linux Kernel (Fedora 8/9) - 'utrace_control' Null Pointer Dereference Denial of Service by Michael Simms at 2008-10-02

References

CVE-2008-3524: rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local…

Published: 2008-09-29T17:17:00 Last Modified: 2017-08-08T01:31:00

Summary

rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

Scores

Impact Score: 6.9
Exploitability Score: 3.4
CVSS: 4.7
CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2008-3524 vulnerability.

References

CVE-2008-2944: Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat…

Published: 2008-06-30T21:41:00 Last Modified: 2022-02-07T19:50:00

Summary

Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.

Common Weakness Enumeration (CWE): CWE-415: Double Free

CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2008-2944 vulnerability.

References

CVE-2008-2359: The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8…

Published: 2008-06-02T21:30:00 Last Modified: 2017-08-08T01:30:00

Summary

The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration.

Common Weakness Enumeration (CWE): CWE-16: Configuration

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2008-2359 vulnerability.

References

CVE-2007-5962: Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux…

Published: 2008-05-22T13:09:00 Last Modified: 2018-10-15T21:48:00

Summary

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

Scores

Impact Score: 6.9
Exploitability Score: 8.6
CVSS: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Exploits Database (Total Exploits Count: 3)

Code designed for conducting penetration testing on CVE-2007-5962 vulnerability.

References

CVE-2008-1677: Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before…

Published: 2008-05-12T16:20:00 Last Modified: 2022-02-03T19:56:00

Summary

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-1677 vulnerability.

References

CVE-2008-0892: The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as…

Published: 2008-04-16T18:05:00 Last Modified: 2022-02-03T19:56:00

Summary

The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

Impact Score: 10.0
Exploitability Score: 8.0
CVSS: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-0892 vulnerability.

References

CVE-2008-0595: dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes…

Published: 2008-02-29T19:44:00 Last Modified: 2022-02-07T18:24:00

Summary

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2008-0595 vulnerability.

References

CVE-2007-6284: The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause…

Published: 2008-01-12T02:46:00 Last Modified: 2018-10-15T21:51:00

Summary

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-6284 vulnerability.

References

CVE-2007-6283: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable…

Published: 2007-12-18T01:46:00 Last Modified: 2022-02-03T17:19:00

Summary

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2007-6283 vulnerability.

References

CVE-2007-6131: buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a…

Published: 2007-11-26T22:46:00 Last Modified: 2011-03-08T03:01:00

Summary

buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.

Common Weakness Enumeration (CWE): CWE-16: Configuration

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2007-6131 vulnerability.

References

CVE-2007-4134: Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote…

Published: 2007-08-30T22:17:00 Last Modified: 2018-10-15T21:33:00

Summary

Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-4134 vulnerability.

References

CVE-2007-2874: Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora…

Published: 2007-07-27T21:30:00 Last Modified: 2011-03-08T02:55:00

Summary

Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information.

Scores

Impact Score: 4.9
Exploitability Score: 8.6
CVSS: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-2874 vulnerability.

References

CVE-2007-3103: The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow…

Published: 2007-07-15T22:30:00 Last Modified: 2018-10-16T16:47:00

Summary

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

Scores

Impact Score: 10.0
Exploitability Score: 1.9
CVSS: 6.2
CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: HIGH
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2007-3103 vulnerability.

X.Org xorg-x11-xfs 1.0.2-3.1 - Local Race Condition by vl4dZ at 2008-02-21

References

CVE-2007-2030: lharc.c in lha does not securely create temporary files, which might allow local users to read or…

Published: 2007-04-16T20:19:00 Last Modified: 2017-07-29T01:31:00

Summary

lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact

Availability: NONE
Confidentiality: COMPLETE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2007-2030 vulnerability.

References

CVE-2007-1352: Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows…

Published: 2007-04-06T01:19:00 Last Modified: 2018-10-16T16:38:00

Summary

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Scores

Impact Score: 4.9
Exploitability Score: 4.4
CVSS: 3.8
CVSS Vector: AV:A/AC:M/Au:S/C:N/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: MEDIUM
Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2007-1352 vulnerability.

References

CVE-2006-6235: A “stack overwrite” vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0…

Published: 2006-12-07T11:28:00 Last Modified: 2018-10-17T21:47:00

Summary

A “stack overwrite” vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-6235 vulnerability.

References

CVE-2006-5701: Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5…

Published: 2006-11-03T23:07:00 Last Modified: 2017-07-20T01:33:00

Summary

Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

Scores

Impact Score: 6.9
Exploitability Score: 3.9
CVSS: 4.9
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2006-5701 vulnerability.

Linux Kernel 2.6.x - SquashFS Double-Free Denial of Service by LMH at 2006-11-02

References

CVE-2006-5170: pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other…

Published: 2006-10-10T04:06:00 Last Modified: 2022-02-03T17:19:00

Summary

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-5170 vulnerability.

References

CVE-2006-0745: X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the…

Published: 2006-03-21T02:06:00 Last Modified: 2018-10-19T15:46:00

Summary

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2006-0745 vulnerability.

X.Org X11 (X11R6.9.0/X11R7.0) - Local Privilege Escalation by H D Moore at 2006-03-20

References

CVE-2006-0452: dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause…

Published: 2006-02-14T22:06:00 Last Modified: 2017-07-20T01:29:00

Summary

dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of “,” (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-0452 vulnerability.

References

CVE-2006-0451: Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers…

Published: 2006-02-14T22:06:00 Last Modified: 2017-07-20T01:29:00

Summary

Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-0451 vulnerability.

References

CVE-2006-0453: The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of…

Published: 2006-02-14T22:06:00 Last Modified: 2017-07-20T01:29:00

Summary

The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain “bad BER sequence” that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.

Scores

Impact Score: 6.9
Exploitability Score: 10.0
CVSS: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

Availability: COMPLETE
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-0453 vulnerability.

References

CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml,…

Published: 2005-12-31T05:00:00 Last Modified: 2018-10-19T15:37:00

Summary

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3624 vulnerability.

References

CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and…

Published: 2005-12-31T05:00:00 Last Modified: 2018-10-19T15:37:00

Summary

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3626 vulnerability.

References

CVE-2005-3630: Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such…

Published: 2005-12-31T05:00:00 Last Modified: 2008-09-05T20:54:00

Summary

Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders “allow” directives before “deny” directives.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3630 vulnerability.

References

CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and…

Published: 2005-12-31T05:00:00 Last Modified: 2018-10-19T15:37:00

Summary

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka “Infinite CPU spins.”

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3625 vulnerability.

References

CVE-2005-1267: The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the…

Published: 2005-06-10T04:00:00 Last Modified: 2018-10-19T15:31:00

Summary

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2005-1267 vulnerability.

Tcpdump - bgp_update_print Remote Denial of Service by simon at 2005-06-09

References

CVE-2005-0085: Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote…

Published: 2005-04-27T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0085 vulnerability.

References

CVE-2005-0206: The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete…

Published: 2005-04-27T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0206 vulnerability.

References

CVE-2005-0754: Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user,…

Published: 2005-04-22T04:00:00 Last Modified: 2016-10-18T03:14:00

Summary

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0754 vulnerability.

References

CVE-2005-0004: The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and…

Published: 2005-04-14T04:00:00 Last Modified: 2019-12-17T17:12:00

Summary

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2005-0004 vulnerability.

References

CVE-2004-1235: Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux…

Published: 2005-04-14T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

Scores

Impact Score: 10.0
Exploitability Score: 1.9
CVSS: 6.2
CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: HIGH
Vector: LOCAL

Exploits Database (Total Exploits Count: 3)

Code designed for conducting penetration testing on CVE-2004-1235 vulnerability.

References

CVE-2005-0750: The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1…

Published: 2005-03-27T05:00:00 Last Modified: 2017-10-11T01:30:00

Summary

The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 4)

Code designed for conducting penetration testing on CVE-2005-0750 vulnerability.

References

CVE-2005-0736: Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local…

Published: 2005-03-09T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2005-0736 vulnerability.

References

CVE-2005-0667: Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers…

Published: 2005-03-07T05:00:00 Last Modified: 2008-09-05T20:46:00

Summary

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0667 vulnerability.

References

CVE-2005-0109: Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel…

Published: 2005-03-05T05:00:00 Last Modified: 2018-10-16T12:06:00

Summary

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Scores

Impact Score: 6.9
Exploitability Score: 3.4
CVSS: 4.7
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Impact

Availability: NONE
Confidentiality: COMPLETE
Integrity: NONE

Access

Authentication: NONE
Complexity: MEDIUM
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2005-0109 vulnerability.

References

CVE-2005-0605: scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value…

Published: 2005-03-02T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0605 vulnerability.

References

CVE-2004-0989: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may…

Published: 2005-03-01T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-0989 vulnerability.

Libxml2 - Multiple Remote Stack Buffer Overflow Vulnerabilities by Sean at 2004-10-26

References

CVE-2004-0986: Iptables before 1.2.11, under certain conditions, does not properly load the required modules at…

Published: 2005-03-01T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0986 vulnerability.

References

CVE-2004-0974: The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating…

Published: 2005-02-09T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-0974 vulnerability.

References

CVE-2004-0960: FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via…

Published: 2005-02-09T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0960 vulnerability.

References

CVE-2004-0961: Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service…

Published: 2005-02-09T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0961 vulnerability.

References

CVE-2005-0156: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support…

Published: 2005-02-07T05:00:00 Last Modified: 2018-08-13T21:47:00

Summary

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2005-0156 vulnerability.

Setuid perl - 'PerlIO_Debug()' Local Overflow by Kevin Finisterre at 2005-02-07

References

CVE-2004-0902: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla…

Published: 2005-01-27T05:00:00 Last Modified: 2018-05-03T01:29:00

Summary

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the “Send page” functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0902 vulnerability.

References

CVE-2004-0930: The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0930 vulnerability.

References

CVE-2004-0918: The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0918 vulnerability.

References

CVE-2004-0882: Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow…

Published: 2005-01-27T05:00:00 Last Modified: 2018-10-30T16:25:00

Summary

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small “maximum data bytes” value.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0882 vulnerability.

References

CVE-2004-0886: Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0886 vulnerability.

References

CVE-2004-0888: Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0888 vulnerability.

References

CVE-2004-0903: Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0903 vulnerability.

References

CVE-2004-0889: Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow…

Published: 2005-01-27T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0889 vulnerability.

References

CVE-2004-1184: The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute…

Published: 2005-01-21T05:00:00 Last Modified: 2018-10-19T15:30:00

Summary

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1184 vulnerability.

References

CVE-2004-0883: Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0883 vulnerability.

References

CVE-2004-1158: Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the “window injection” vulnerability.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1158 vulnerability.

References

CVE-2004-1269: lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1269 vulnerability.

Easy Software Products LPPassWd 1.1.22 - Resource Limit Denial of Service by Bartlomiej Sieka at 2004-12-11

References

CVE-2004-1011: Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1011 vulnerability.

References

CVE-2004-1071: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8,…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1071 vulnerability.

References

CVE-2004-1013: The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote…

Published: 2005-01-10T05:00:00 Last Modified: 2016-12-08T02:59:00

Summary

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) “body[p”, (2) “binary[p”, or (3) “binary[p”) that cause an index increment error that leads to an out-of-bounds memory corruption.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1013 vulnerability.

References

CVE-2004-1073: The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27,…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1073 vulnerability.

Linux Kernel 2.4.27/2.6.8 - 'binfmt_elf' Executable File Read by Paul Starzetz at 2004-11-10

References

CVE-2004-1171: KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user’s .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1171 vulnerability.

References

CVE-2004-1268: lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1268 vulnerability.

References

CVE-2004-0914: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages,…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE’s content decisions.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0914 vulnerability.

References

CVE-2004-1015: Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1015 vulnerability.

References

CVE-2004-1070: The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1070 vulnerability.

References

CVE-2004-1154: Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-30T16:25:00

Summary

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1154 vulnerability.

References

CVE-2004-0949: The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0949 vulnerability.

References

CVE-2004-1012: The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (“body[p”) that is treated as a different command (“body.peek”) and causes an index increment error that leads to an out-of-bounds memory corruption.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1012 vulnerability.

References

CVE-2004-1067: Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1067 vulnerability.

References

CVE-2004-1072: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8,…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1072 vulnerability.

References

CVE-2004-1267: Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 6.4
Exploitability Score: 8.0
CVSS: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: SINGLE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1267 vulnerability.

CUPS 1.1.x - '.HPGL' File Processor Buffer Overflow by Ariel Berkman at 2004-12-15

References

CVE-2004-1270: lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1,…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

Availability: NONE
Confidentiality: NONE
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1270 vulnerability.

References

CVE-2004-0802: Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute…

Published: 2004-12-31T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0802 vulnerability.

References

CVE-2004-0817: Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to…

Published: 2004-12-31T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0817 vulnerability.

References

CVE-2004-0904: Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release,…

Published: 2004-12-31T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0904 vulnerability.

References

CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier,…

Published: 2004-12-23T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0803 vulnerability.

References

CVE-2004-1333: Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows…

Published: 2004-12-15T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1333 vulnerability.

Linux Kernel 2.4.28/2.6.9 - vc_resize int Local Overflow by Georgi Guninski at 2004-12-16

References

CVE-2004-1335: Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users…

Published: 2004-12-15T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1335 vulnerability.

Linux Kernel 2.4.28/2.6.9 - 'ip_options_get' Local Overflow by Georgi Guninski at 2004-12-16

References

CVE-2004-0619: Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows…

Published: 2004-12-06T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.

Scores

Impact Score: 10.0
Exploitability Score: 3.9
CVSS: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-0619 vulnerability.

References

CVE-2004-0415: Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local…

Published: 2004-11-23T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-0415 vulnerability.

Linux Kernel 2.4.26 - File Offset Pointer Handling Memory Disclosure by Paul Starzetz at 2004-08-04

References

CVE-2004-1613: Mozilla allows remote attackers to cause a denial of service (application crash from null…

Published: 2004-10-18T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

Scores

Impact Score: 2.9
Exploitability Score: 10.0
CVSS: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1613 vulnerability.

References

CVE-2005-0373: Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in…

Published: 2004-10-07T04:00:00 Last Modified: 2017-07-11T01:32:00

Summary

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0373 vulnerability.

References

CVE-2004-0827: Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before…

Published: 2004-09-16T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Scores

Impact Score: 6.4
Exploitability Score: 10.0
CVSS: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0827 vulnerability.

References

CVE-2004-0905: Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8…

Published: 2004-09-14T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

Scores

Impact Score: 6.4
Exploitability Score: 3.9
CVSS: 4.6
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-0905 vulnerability.

References

CVE-2004-0234: Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as…

Published: 2004-08-18T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0234 vulnerability.

References

CVE-2004-0235: Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to…

Published: 2004-08-18T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (”//absolute/path").

Scores

Impact Score: 4.9
Exploitability Score: 10.0
CVSS: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

Availability: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0235 vulnerability.

References

CVE-2004-0461: The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that…

Published: 2004-08-06T04:00:00 Last Modified: 2017-07-11T01:30:00

Summary

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0461 vulnerability.

References

CVE-2004-0460: Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and…

Published: 2004-08-06T04:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0460 vulnerability.

References

CVE-2004-0557: Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX)…

Published: 2004-08-06T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

Scores

Impact Score: 10.0
Exploitability Score: 10.0
CVSS: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

Availability: COMPLETE
Confidentiality: COMPLETE
Integrity: COMPLETE

Access

Authentication: NONE
Complexity: LOW
Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2004-0557 vulnerability.

References

CVE-2004-0587: Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to…

Published: 2004-08-06T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

Scores

Impact Score: 2.9
Exploitability Score: 3.9
CVSS: 2.1
CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

Availability: PARTIAL
Confidentiality: NONE
Integrity: NONE

Access

Authentication: NONE
Complexity: LOW
Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-0587 vulnerability.

References

CVE-2004-0595: The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0)…

Published: 2004-07-27T04:00:00 Last Modified: 2018-10-30T16:25:00

Summary

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Scores

Impact Score: 6.4
Exploitability Score: 8.6
CVSS: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: MEDIUM
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-0595 vulnerability.

PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass by Stefan Esser at 2004-07-14

References

CVE-2004-0594: The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain…

Published: 2004-07-27T04:00:00 Last Modified: 2018-10-30T16:25:00

Summary

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Scores

Impact Score: 6.4
Exploitability Score: 4.9
CVSS: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

Availability: PARTIAL
Confidentiality: PARTIAL
Integrity: PARTIAL

Access

Authentication: NONE
Complexity: HIGH
Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-0594 vulnerability.

PHP 4.3.7/5.0.0RC3 - 'memory_limit' Remote Overflow by Gyan Chawdhary at 2004-11-27

References

redhat/fedora Vulnerability Summary

redhat/fedora Vulnerability List

CVE-2021-45417: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such…

CVE-2022-21682: Flatpak is a Linux application sandboxing and distribution framework. A path traversal…

CVE-2021-43860: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3…

CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also…

CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of…

CVE-2021-4166: vim is vulnerable to Out-of-bounds Read

CVE-2021-3621: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via…

CVE-2021-3622: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted…

CVE-2021-4024: A flaw was found in podman. The podman machine function (used to create and manage Podman…

CVE-2021-45463: load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command…

CVE-2021-44733: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through…

CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a…

CVE-2021-4104: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has…

CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in…

CVE-2021-3802: A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image…

CVE-2021-3672: A flaw was found in c-ares library, where a missing input validation check of host names returned…

CVE-2021-3935: When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can…

CVE-2021-3746: A flaw was found in the libtpms code that may cause access beyond the boundary of internal…

CVE-2021-32672: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua…

CVE-2021-39251: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <…

CVE-2021-33285: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the…

CVE-2021-3634: A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two…

CVE-2021-40153: squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory…

CVE-2021-3573: A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found…

CVE-2021-3635: A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A…

CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can…

CVE-2021-3570: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when…

CVE-2021-3571: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a…

CVE-2021-3612: An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in…

CVE-2021-3592: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

CVE-2021-3593: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

CVE-2021-3594: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

CVE-2021-3595: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….

CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…

CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…

CVE-2021-3565: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a…

CVE-2021-3516: There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit…

CVE-2021-3543: A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that…

CVE-2021-20236: A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious…

CVE-2021-20239: A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw…

CVE-2021-20292: There is a flaw reported in the Linux kernel in versions before 5.9 in…

CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a…

CVE-2021-30501: An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow…

CVE-2021-30500: Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version…

CVE-2021-30471: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary…

CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function…

CVE-2021-30470: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),…

CVE-2021-20297: A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a…

CVE-2021-20178: A flaw was found in ansible module where credentials are disclosed in the console log by default…

CVE-2021-3426: There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to…

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who…

CVE-2021-3445: A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This…

CVE-2021-3517: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An…

CVE-2021-3518: There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted…

CVE-2021-3531: A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a…

CVE-2021-3524: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before…

CVE-2020-27769: In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of…

CVE-2021-3537: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors…

CVE-2020-27824: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This…

CVE-2021-3504: A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of…

CVE-2021-20254: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs)…

CVE-2021-3472: A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in…

CVE-2021-20208: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file…

CVE-2021-3505: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit…

CVE-2021-20288: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles…

CVE-2021-3487: There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a…

CVE-2021-3482: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation…

CVE-2021-3448: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for…

CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification…

CVE-2021-20291: A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1….

CVE-2021-3447: A flaw was found in several ansible modules, where parameters containing credentials, such as…

CVE-2021-20271: A flaw was found in RPM’s signature check functionality when reading a package file. This flaw…

CVE-2021-3443: A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled…

CVE-2021-3446: A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms…

CVE-2021-3466: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function…

CVE-2021-3409: The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU…

CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when…

CVE-2019-10196: A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent…

CVE-2021-4024: A flaw was found in podman. The `podman machine` function (used to create and manage Podman…