Vulnerability & Exploit Database

lighttpd: potential path traversal with specific configs (CVE-2019-11072) Vulnerability

  • Severity: 8
  • Published: April 10, 2019

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c.

Debian: CVE-2019-3842: systemd -- security update Vulnerability

  • Severity: 4
  • Published: April 10, 2019

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" el...

Debian: CVE-2019-11071: spip -- security update Vulnerability

  • Severity: 7
  • Published: April 10, 2019

SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.

Debian: CVE-2019-11068: libxslt -- security update Vulnerability

  • Severity: 8
  • Published: April 10, 2019

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

Alpine Linux: CVE-2019-11068: libxslt security framework bypass Vulnerability

  • Severity: 8
  • Published: April 10, 2019

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

Wireshark : CVE-2019-10903 : DCERPC SPOOLSS dissector crash Vulnerability

  • Severity: 5
  • Published: April 09, 2019

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.