| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1145 | Hig | 0.61 | 8.8 | 0.13 | Aug 14, 2019 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,… | ||
| CVE-2019-1144 | Hig | 0.61 | 8.8 | 0.13 | Aug 14, 2019 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,… | ||
| CVE-2019-1140 | Hig | 0.58 | 8.8 | 0.04 | Aug 14, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current… | ||
| CVE-2019-1133 | Hig | 0.49 | 7.5 | 0.03 | Aug 14, 2019 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker… | ||
| CVE-2019-1057 | Hig | 0.49 | 7.5 | 0.03 | Aug 14, 2019 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,… | ||
| CVE-2019-14526 | Hig | 0.53 | 8.1 | 0.01 | Aug 14, 2019 | An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web… | ||
| CVE-2019-14216 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file. | ||
| CVE-2019-13030 | Hig | 0.53 | 8.2 | 0.02 | Aug 14, 2019 | eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons… | ||
| CVE-2019-12104 | Hig | 0.58 | 8.8 | 0.05 | Aug 14, 2019 | The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities. | ||
| CVE-2019-0965 | Hig | 0.50 | 7.6 | 0.01 | Aug 14, 2019 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating… | ||
| CVE-2019-0720 | Hig | 0.52 | 8.0 | 0.04 | Aug 14, 2019 | A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a… | ||
| CVE-2019-9583 | Hig | 0.53 | 8.2 | 0.02 | Aug 14, 2019 | eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11,… | ||
| CVE-2019-9582 | Hig | 0.49 | 7.5 | 0.02 | Aug 14, 2019 | eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. | ||
| CVE-2019-9506 | Hig | 0.53 | 8.1 | 0.03 | Aug 14, 2019 | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and… | ||
| CVE-2019-3639 | Hig | 0.46 | 7.1 | 0.01 | Aug 14, 2019 | Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. | ||
| CVE-2019-10201 | Hig | 0.53 | 8.1 | 0.01 | Aug 14, 2019 | It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this… | ||
| CVE-2019-10199 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain. | ||
| CVE-2019-15050 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp. | ||
| CVE-2019-15049 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp. | ||
| CVE-2019-15048 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp. | ||
| CVE-2019-15047 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp. | ||
| CVE-2018-20968 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | ||
| CVE-2018-20967 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | ||
| CVE-2017-18513 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. | ||
| CVE-2017-18512 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. | ||
| CVE-2017-18511 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. | ||
| CVE-2017-18510 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. | ||
| CVE-2016-10885 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The wp-editor plugin before 1.2.6 for WordPress has CSRF. | ||
| CVE-2016-10884 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. | ||
| CVE-2016-10882 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The google-document-embedder plugin before 2.6.2 for WordPress has CSRF. | ||
| CVE-2015-9309 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | ||
| CVE-2015-9308 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | ||
| CVE-2015-9307 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | ||
| CVE-2013-7476 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. | ||
| CVE-2019-8062 | Hig | 0.51 | 7.8 | 0.03 | Aug 14, 2019 | Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2019-7961 | Hig | 0.51 | 7.8 | 0.03 | Aug 14, 2019 | Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2019-7931 | Hig | 0.51 | 7.8 | 0.03 | Aug 14, 2019 | Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2019-7870 | Hig | 0.51 | 7.8 | 0.04 | Aug 14, 2019 | Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2019-15046 | Hig | 0.49 | 7.5 | 0.05 | Aug 14, 2019 | Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | ||
| CVE-2019-0349 | Hig | 0.47 | 7.2 | 0.01 | Aug 14, 2019 | SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to… | ||
| CVE-2019-0351 | Hig | 0.57 | 8.8 | 0.03 | Aug 14, 2019 | A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including… | ||
| CVE-2019-0343 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the… | ||
| CVE-2019-0341 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application. | ||
| CVE-2019-14975 | Hig | 0.46 | 7.1 | 0.01 | Aug 14, 2019 | Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. | ||
| CVE-2014-10375 | Hig | 0.49 | 7.5 | 0.01 | Aug 14, 2019 | handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | ||
| CVE-2019-9518 | Hig | 0.51 | 7.5 | 0.25 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE.… | ||
| CVE-2019-9517 | — | Hig | 0.51 | 7.5 | 0.27 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually… | |
| CVE-2019-9515 | — | Hig | 0.56 | 7.5 | 0.88 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame… | |
| CVE-2019-9514 | — | Hig | 0.48 | 7.5 | 0.83 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the… | |
| CVE-2019-9513 | — | Hig | 0.55 | 7.5 | 0.82 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can… |
- risk 0.61cvss 8.8epss 0.13
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,…
- risk 0.61cvss 8.8epss 0.13
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,…
- risk 0.58cvss 8.8epss 0.04
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current…
- risk 0.49cvss 7.5epss 0.03
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker…
- risk 0.49cvss 7.5epss 0.03
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,…
- risk 0.53cvss 8.1epss 0.01
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
- risk 0.53cvss 8.2epss 0.02
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons…
- risk 0.58cvss 8.8epss 0.05
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.
- risk 0.50cvss 7.6epss 0.01
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…
- risk 0.52cvss 8.0epss 0.04
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a…
- risk 0.53cvss 8.2epss 0.02
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11,…
- risk 0.49cvss 7.5epss 0.02
eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15.
- risk 0.53cvss 8.1epss 0.03
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and…
- risk 0.46cvss 7.1epss 0.01
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.
- risk 0.53cvss 8.1epss 0.01
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this…
- risk 0.57cvss 8.8epss 0.01
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp.
- risk 0.57cvss 8.8epss 0.01
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
- risk 0.57cvss 8.8epss 0.01
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
- risk 0.57cvss 8.8epss 0.01
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
- risk 0.57cvss 8.8epss 0.01
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
- risk 0.57cvss 8.8epss 0.01
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
- risk 0.57cvss 8.8epss 0.01
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
- risk 0.57cvss 8.8epss 0.01
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
- risk 0.57cvss 8.8epss 0.01
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.
- risk 0.51cvss 7.8epss 0.03
Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.03
Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.03
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.04
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.49cvss 7.5epss 0.05
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
- risk 0.47cvss 7.2epss 0.01
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to…
- risk 0.57cvss 8.8epss 0.03
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including…
- risk 0.57cvss 8.8epss 0.01
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the…
- risk 0.57cvss 8.8epss 0.01
The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.
- risk 0.46cvss 7.1epss 0.01
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
- risk 0.49cvss 7.5epss 0.01
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
- risk 0.51cvss 7.5epss 0.25
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE.…
- risk 0.51cvss 7.5epss 0.27
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually…
- risk 0.56cvss 7.5epss 0.88
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame…
- risk 0.48cvss 7.5epss 0.83
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the…
- risk 0.55cvss 7.5epss 0.82
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can…