Vulnerabilities in [UNKNOWN]
240 resultsCVE-2018-10933CRITICALA vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels wiEPSS 91.8%CVE-2018-14667CRITICALThe RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unautEPSS 74.2%KEVCVE-2018-16858HIGHIt was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute EPSS 67.5%CVE-2018-16873HIGHIn Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag andEPSS 66.3%CVE-2018-16855HIGHAn issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds mEPSS 59.5%CVE-2018-10860MEDIUMperl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitizeEPSS 48.7%CVE-2018-16843MEDIUMnginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption.EPSS 47.1%CVE-2019-3833HIGHOpenwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP rEPSS 15.2%CVE-2019-3816HIGHOpenwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemoEPSS 14.7%CVE-2019-3810MEDIUMA flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ EPSS 13.9%CVE-2018-16844MEDIUMnginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issEPSS 12.4%CVE-2018-14649CRITICALIt was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is donEPSS 11.6%CVE-2018-14618HIGHcurl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hasEPSS 10.8%CVE-2018-16845HIGHnginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop inEPSS 9.8%CVE-2016-2125MEDIUMIt was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A servEPSS 9.3%CVE-2018-1123LOWprocps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard pEPSS 9.1%CVE-2018-1120LOWA flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command EPSS 7.3%CVE-2018-16875MEDIUMThe crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verificationEPSS 6.3%CVE-2017-2608HIGHJenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types iEPSS 6.3%CVE-2018-14648HIGHA flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() functiEPSS 6.2%