Latest CVE Feed
- 9.8 CRITICAL CVE-2019-25039
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...
- EPSS Score: 0.73%
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-20787
Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size....
- EPSS Score: 0.68%
- Published: Apr. 22, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-18906
An Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise...
- EPSS Score: 0.38%
- Published: Jun. 30, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-18814
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c....
Affected Products: linux_kernel
- EPSS Score: 0.50%
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that ...
- EPSS Score: 2.71%
- Published: Dec. 01, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-1785
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due ...
Affected Products: clamav
- EPSS Score: 2.00%
- Published: Apr. 08, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (v...
Affected Products: debian_linux enterprise_linux_server webcenter_sites weblogic_server oncommand_workflow_automation steelstore_cloud_integrated_storage communications_cloud_native_core_network_slice_selection_function goldengate_application_adapters jd_edwards_enterpriseone_tools communications_billing_and_revenue_management +13 more products
- EPSS Score: 1.19%
- Published: Oct. 12, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) ja...
- EPSS Score: 0.44%
- Published: Oct. 01, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-15874
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel pani...
- EPSS Score: 0.61%
- Published: Apr. 29, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
- EPSS Score: 32.25%
- Published: Feb. 07, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-14893
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling method...
- EPSS Score: 0.70%
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-14892
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute...
- EPSS Score: 0.87%
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-14532
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table....
- EPSS Score: 0.61%
- Published: Aug. 02, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-14307
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer...
Affected Products: sp_c250sf_firmware sp_c252sf_firmware sp_c250dn_firmware sp_c252dn_firmware sp_c250sf sp_c252sf sp_c250dn sp_c252dn
- EPSS Score: 1.22%
- Published: Aug. 26, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-14192
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call....
Affected Products: u-boot
- EPSS Score: 0.33%
- Published: Jul. 31, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-1353
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regu...
- EPSS Score: 0.14%
- Published: Jan. 24, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-12900
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors....
- EPSS Score: 1.37%
- Published: Jun. 19, 2019
- Modified: Jun. 09, 2025
- 9.8 CRITICAL CVE-2019-1212
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerab...
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +6 more products
- EPSS Score: 17.82%
- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL
- EPSS Score: 1.74%
- Published: May. 22, 2019
- Modified: May. 28, 2025
- 9.8 CRITICAL CVE-2019-11714
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68....
Affected Products: firefox
- EPSS Score: 0.76%
- Published: Jul. 23, 2019
- Modified: Nov. 21, 2024