Found 15,824 results in 4930ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2020-35922 unknown FIX slesdebian debian 6y ago An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
CVE-2020-26300 unknown FIX debian debian 6y ago systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fix…
CVE-2020-7752 unknown FIX debian debian 6y ago This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execu…
CVE-2020-24660 unknown FIX debian debian 6y ago An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also af…
CVE-2020-15094 unknown FIX debian debian 6y ago In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X…
CVE-2019-17638 unknown FIX debian debian 6y ago Operation on a Resource after Expiration or Release in Jetty Server
CVE-2019-13990 unknown FIX slesdebian debian 6y ago XML external entity injection in Terracotta Quartz Scheduler
CVE-2017-7957 unknown FIX slesdebian debian 6y ago Denial of service in XStream
CVE-2016-3674 unknown FIX debian debian 6y ago XML External Entity Injection in XStream
CVE-2018-5968 unknown FIX slesdebian debian 6y ago Deserialization of Untrusted Data in jackson-databind
CVE-2020-14061 unknown FIX debian debian 6y ago Deserialization of untrusted data in Jackson Databind
CVE-2020-14195 unknown FIX debian debian 6y ago Deserialization of untrusted data in Jackson Databind
CVE-2018-10237 unknown FIX slesdebian debian 6y ago Denial of Service in Google Guava
CVE-2017-7536 unknown FIX debian debian 6y ago Privilege Escalation in Hibernate Validator
CVE-2020-11612 unknown FIX slesdebian debian 6y ago Denial of Service in Netty
CVE-2018-15756 unknown FIX debian debian 6y ago Denial of Service in Spring Framework
CVE-2009-2625 unknown FIX debian debian 6y ago Denial of service in Apache Xerces2
CVE-2018-12023 unknown FIX debian debian 6y ago Deserialization of Untrusted Data
CVE-2019-17267 unknown FIX slesdebian debian 6y ago Improper Input Validation in jackson-databind
CVE-2020-10683 unknown FIX slesdebian debian 6y ago dom4j allows External Entities by default which might enable XXE attacks
CVE-2020-9488 low 3.7 3.7 FIX debian debian sles oracleapacheqos 6y ago Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log mess…
CVE-2020-1941 unknown FIX debian debian 6y ago Apache ActiveMQ webconsole admin GUI is open to XSS
CVE-2020-1953 unknown FIX debian debian 6y ago Remote code execution in Apache Commons Configuration
CVE-2020-11078 low 2.5 FIX slesdebian debian rhel 6y ago RHSA-2020:4605: resource-agents security and bug fix update (Low)
CVE-2019-14893 unknown FIX debian debian 6y ago Polymorphic deserialization of malicious object in jackson-databind
CVE-2019-14892 unknown FIX debian debian 6y ago Polymorphic deserialization of malicious object in jackson-databind
CVE-2020-10968 unknown FIX debian debian 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11111 unknown FIX debian debian 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11054 low 2.5 FIX arch archdebian debian 6y ago In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (col…
CVE-2019-1010305 low 2.5 FIX slesdebian debian rocky 6y ago RHSA-2020:1686: libmspack security and bug fix update (Low)
CVE-2019-13045 low 2.5 FIX arch archdebian debian rocky 6y ago RHSA-2020:1616: irssi security update (Low)
CVE-2019-11498 low 2.5 FIX sles rockydebian debian 6y ago RHSA-2020:1581: wavpack security update (Low)
CVE-2019-1010319 low 2.5 FIX sles rockydebian debian 6y ago RHSA-2020:1581: wavpack security update (Low)
CVE-2019-1010317 low 2.5 FIX rockydebian debian rhel 6y ago RHSA-2020:1581: wavpack security update (Low)
CVE-2019-1010315 low 2.5 FIX sles rockydebian debian 6y ago RHSA-2020:1581: wavpack security update (Low)
CVE-2018-19841 low 2.5 FIX sles rockydebian debian 6y ago RHSA-2020:1581: wavpack security update (Low)
CVE-2018-19840 low 2.5 FIX sles rockydebian debian 6y ago RHSA-2020:1581: wavpack security update (Low)
CVE-2019-8696 low 2.5 FIX slesdebian debian rhel 6y ago RHSA-2020:1765: cups security and bug fix update (Low)
CVE-2019-8675 low 2.5 FIX slesdebian debian rhel 6y ago RHSA-2020:1765: cups security and bug fix update (Low)
CVE-2019-19126 low 2.5 FIX slesdebian debian rhel 6y ago RHSA-2020:1828: glibc security, bug fix, and enhancement update (Low)
CVE-2019-17451 low 2.5 FIX debian debian sles rhel 6y ago RHSA-2020:1797: binutils security and bug fix update (Low)
CVE-2019-14834 low 2.5 FIX slesdebian debian rhel 6y ago RHSA-2020:1715: dnsmasq security, bug fix, and enhancement update (Low)
CVE-2019-13232 low 2.5 FIX arch arch slesdebian debian 6y ago RHSA-2020:1787: unzip security update (Low)
CVE-2019-1010204 low 2.5 FIX debian debian sles rhel 6y ago RHSA-2020:1797: binutils security and bug fix update (Low)
CVE-2018-19519 low 2.5 slesdebian debian rhel 6y ago RHSA-2020:1604: tcpdump security update (Low)
CVE-2018-10910 low 2.5 FIX debian debian sles rhel 6y ago RHSA-2020:1912: bluez security update (Low)
CVE-2020-10969 unknown FIX debian debian 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11620 unknown FIX debian debian 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-5275 unknown FIX debian debian 6y ago In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides …
CVE-2020-5274 unknown FIX debian debian 6y ago In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even …
CVE-2020-5255 unknown FIX debian debian 6y ago In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the r…
CVE-2019-17569 unknown FIX debian debian 6y ago The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were …
CVE-2020-7238 unknown FIX slesdebian debian 6y ago HTTP Request Smuggling in Netty
CVE-2019-20444 unknown FIX slesdebian debian 6y ago HTTP Request Smuggling in Netty
CVE-2019-20445 unknown FIX slesdebian debian 6y ago HTTP Request Smuggling in Netty
CVE-2019-17558 unknown 2.5 KEVEXP debian debian 6y ago The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
CVE-2019-10911 unknown FIX debian debian 6y ago In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with…
CVE-2019-10912 unknown FIX debian debian 6y ago In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this coul…
CVE-2019-11325 unknown FIX debian debian 6y ago An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrar…
CVE-2019-10172 unknown FIX debian debian 6y ago Improper Restriction of XML External Entity Reference in jackson-mapper-asl
CVE-2019-12422 unknown debian debian 6y ago Improper input validation in Apache Shiro
CVE-2019-10782 unknown FIX debian debian 6y ago XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
CVE-2020-5397 unknown FIX debian debian 7y ago CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
CVE-2020-5398 unknown FIX debian debian 7y ago RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
CVE-2019-10219 unknown FIX debian debian 7y ago The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
CVE-2019-12418 unknown FIX slesdebian debian 7y ago When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration f…
CVE-2019-17563 unknown FIX slesdebian debian 7y ago When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The wind…
CVE-2019-19118 low 2.5 FIX arch archdebian debian 7y ago Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed…
CVE-2019-17632 unknown FIX debian debian 7y ago Unescaped exception messages in error responses in Jetty
CVE-2019-10913 unknown FIX debian debian 7y ago In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted inpu…
CVE-2019-18886 unknown FIX debian debian 7y ago An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthor…
CVE-2019-18888 unknown FIX debian debian 7y ago An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIM…
CVE-2019-18889 unknown FIX debian debian 7y ago An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is rel…
CVE-2019-10212 unknown FIX debian debian 7y ago Potential to access user credentials from the log files when debug logging enabled
CVE-2019-10910 unknown FIX debian debian 7y ago In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code exec…
CVE-2019-10909 unknown FIX debian debian 7y ago In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th…
CVE-2018-10393 low 2.5 FIX slesdebian debian rocky 7y ago RHSA-2019:3703: libvorbis security update (Low)
CVE-2018-10392 low 2.5 FIX slesdebian debian rocky 7y ago RHSA-2019:3703: libvorbis security update (Low)
CVE-2018-18751 low 2.5 FIX arch arch slesdebian debian 7y ago RHSA-2019:3643: gettext security update (Low)
CVE-2019-8768 low 2.5 FIX sles rockydebian debian 7y ago "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing h…
CVE-2019-8735 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin…
CVE-2019-8726 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processin…
CVE-2019-8690 low 3.5 EXPFIX sles rockydebian debian 7y ago A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTun…
CVE-2019-8689 low 3.5 EXPFIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6…
CVE-2019-8687 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for …
CVE-2019-8686 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for …
CVE-2019-8681 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for …
CVE-2019-8679 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for …
CVE-2019-8677 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for …
CVE-2019-8676 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6…
CVE-2019-8673 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for …
CVE-2019-8672 low 3.5 EXPFIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6…
CVE-2019-8671 low 3.5 EXPFIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for …
CVE-2019-8666 low 2.5 FIX sles rockydebian debian 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for …
CVE-2019-8623 low 3.5 EXPFIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9…
CVE-2019-8622 low 3.5 EXPFIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9…
CVE-2019-8619 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8615 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8611 low 3.5 EXPFIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …
CVE-2019-8610 low 2.5 FIX rockydebian debianalmalinux almalinux 7y ago Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for …