Found 14,359 results in 678ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-11771 unknown FIX debian debian 8y ago Moderate severity vulnerability that affects org.apache.commons:commons-compress
CVE-2017-7658 unknown FIX debian debian 8y ago Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
CVE-2017-7656 unknown FIX debian debian 8y ago Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)
CVE-2018-12536 unknown FIX debian debian 8y ago Eclipse Jetty Server generates error message containing sensitive information
CVE-2017-7657 unknown FIX debian debian 8y ago Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
CVE-2016-1000345 unknown FIX debian debian 8y ago Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
CVE-2016-1000344 unknown FIX debian debian 8y ago In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
CVE-2017-17485 unknown FIX debian debian 8y ago jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
CVE-2017-15095 unknown FIX debian debian 8y ago jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
CVE-2018-1275 unknown FIX debian debian 8y ago Spring Framework has Improperly Implemented Security Check for Standard
CVE-2018-1272 unknown FIX debian debian 8y ago Possible privilege escalation in org.springframework:spring-core
CVE-2018-1271 unknown FIX debian debian 8y ago Path Traversal in org.springframework:spring-core
CVE-2018-1270 unknown FIX debian debian 8y ago Spring Framework allows applications to expose STOMP over WebSocket endpoints
CVE-2018-1257 unknown FIX debian debian 8y ago Denial of Service in org.springframework:spring-core
CVE-2018-1199 unknown FIX debian debian 8y ago Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core
CVE-2018-8010 unknown FIX debian debian 8y ago There is an XML external entity expansion (XXE) vulnerability in Apache Solr config files
CVE-2018-1308 unknown FIX debian debian 8y ago There is an XML external entity expansion (XXE) vulnerability in Apache Solr
CVE-2018-8026 unknown FIX debian debian 8y ago XML external entity expansion in org.apache.solr:solr-core
CVE-2018-11797 unknown FIX sles debian debian 8y ago In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
CVE-2018-1336 unknown FIX sles debian debian 8y ago An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 t…
CVE-2018-1305 unknown FIX sles debian debian 8y ago Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. …
CVE-2018-1304 unknown FIX sles debian debian 8y ago The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 …
CVE-2016-1000352 unknown FIX debian debian 8y ago In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
CVE-2016-1000346 unknown FIX debian debian 8y ago In Bouncy Castle JCE Provider the other party DH public key is not fully validated
CVE-2016-1000343 unknown FIX debian debian 8y ago In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
CVE-2016-1000342 unknown FIX debian debian 8y ago In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
CVE-2016-1000341 unknown FIX debian debian 8y ago Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
CVE-2016-1000340 unknown FIX debian debian 8y ago The Bouncy Castle JCE Provider has a carry propagation bug
CVE-2016-1000339 unknown FIX debian debian 8y ago Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
CVE-2016-1000338 unknown FIX debian debian 8y ago In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
CVE-2018-1000613 unknown FIX debian debian sles 8y ago Deserialization of Untrusted Data in Bouncy castle
CVE-2018-1338 unknown FIX debian debian 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-8017 unknown FIX sles debian debian 8y ago Comparison error in org.apache.tika:tika-core
CVE-2018-11762 unknown FIX sles debian debian 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-11761 unknown FIX sles debian debian 8y ago High severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-1339 unknown FIX debian debian 8y ago org.apache.tika:tika-parsers has an Infinite Loop vulnerability
CVE-2018-1335 unknown 1.0 EXP FIX debian debian 8y ago Command injection in org.apache.tika:tika-core
CVE-2018-11796 unknown FIX sles debian debian 8y ago Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
CVE-2018-8032 unknown FIX debian debian sles 8y ago Moderate severity vulnerability that affects apache axis
CVE-2018-7489 unknown FIX debian debian 8y ago FasterXML jackson-databind allows unauthenticated remote code execution
CVE-2018-1000180 unknown FIX debian debian sles 8y ago Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
CVE-2018-12538 unknown FIX debian debian 8y ago Access and integrity issue within Eclipse Jetty
CVE-2018-11040 unknown FIX debian debian 8y ago Moderate severity vulnerability that affects org.springframework:spring-core
CVE-2018-11039 unknown FIX debian debian 8y ago Spring Framework Cross Site Tracing (XST)
CVE-2017-7525 unknown FIX debian debian 8y ago jackson-databind is vulnerable to a deserialization flaw
CVE-2018-1000632 unknown FIX sles debian debian 8y ago Dom4j contains an XML Injection vulnerability
CVE-2018-14041 unknown FIX debian debian 8y ago Bootstrap Cross-site Scripting vulnerability
CVE-2018-20997 unknown FIX debian debian 8y ago An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
CVE-2017-16229 unknown FIX debian debian 9y ago In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.
CVE-2016-10931 unknown FIX debian debian 10y ago An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for host…
CVE-2016-0752 unknown 2.5 KEV EXP FIX sles debian debian 11y ago Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
CVE-2026-8341 unknown FIX debian debian
CVE-2026-6941 unknown FIX debian debian radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic…
CVE-2026-6940 unknown FIX debian debian radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the …
CVE-2026-6780 unknown FIX debian debian Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6779 unknown FIX debian debian Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6760 unknown FIX debian debian Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6758 unknown FIX debian debian Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6756 unknown FIX debian debian Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
CVE-2026-6502 unknown FIX debian debian
CVE-2026-6359 unknown FIX debian debian Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTM…
CVE-2026-6307 unknown FIX debian debian Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-5918 unknown FIX debian debian Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page…
CVE-2026-5907 unknown FIX debian debian Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: …
CVE-2026-5906 unknown FIX debian debian Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium securit…
CVE-2026-5905 unknown FIX debian debian Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5904 unknown FIX debian debian Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Exte…
CVE-2026-5903 unknown FIX debian debian Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted…
CVE-2026-5902 unknown FIX debian debian Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium…
CVE-2026-5901 unknown FIX debian debian Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions fo…
CVE-2026-5900 unknown FIX debian debian Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass multi-download protections via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5899 unknown FIX debian debian Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scri…
CVE-2026-5898 unknown FIX debian debian Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5897 unknown FIX debian debian Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML p…
CVE-2026-5896 unknown FIX debian debian Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted H…
CVE-2026-5895 unknown FIX debian debian Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security …
CVE-2026-5894 unknown FIX debian debian Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5893 unknown FIX debian debian Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-5892 unknown FIX debian debian Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted …
CVE-2026-5891 unknown FIX debian debian Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page…
CVE-2026-5889 unknown FIX debian debian Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security sev…
CVE-2026-5888 unknown FIX debian debian Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium sec…
CVE-2026-5887 unknown FIX debian debian Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium…
CVE-2026-5886 unknown FIX debian debian Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chrom…
CVE-2026-5885 unknown FIX debian debian Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a …
CVE-2026-5884 unknown FIX debian debian Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandb…
CVE-2026-5882 unknown FIX debian debian Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-5881 unknown FIX debian debian Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-5880 unknown FIX debian debian Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar)…
CVE-2026-5878 unknown FIX debian debian Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-5877 unknown FIX debian debian Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-5876 unknown FIX debian debian Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-5875 unknown FIX debian debian Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-5874 unknown FIX debian debian Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a craf…
CVE-2026-5873 unknown FIX debian debian Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
CVE-2026-5872 unknown FIX debian debian Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-5871 unknown FIX debian debian Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-5870 unknown FIX debian debian Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-5869 unknown FIX debian debian Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu…
CVE-2026-5868 unknown FIX debian debian Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…