windows 7 vulnerabilities and exploits

7.5
CVSSv2
CVE-2019-16278

Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request....

NazgulNostromo Nhttpd
5
CVSSv2
CVE-2019-16279

A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request....

NazgulNostromo Nhttpd
7.5
CVSSv2
CVE-2011-0751

Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI....

NazgulNostromo
4.3
CVSSv2
CVE-2019-2989

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

7.5
CVSSv2
CVE-2019-10126

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences....

8.3
CVSSv2
CVE-2019-3846

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network....

4.6
CVSSv2
CVE-2018-20856

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled....

6
CVSSv2
CVE-2019-15092

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class....

WebtoffeeImport Export Wordpress Users
5
CVSSv2
CVE-2018-3167

Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows...

OracleApplication Management Pack
7.5
CVSSv2
CVE-2019-5420

There is a possible a possible remote code executing exploit in Rails when in development mode. With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in...

RubyonrailsRailsDebianDebian LinuxFedoraprojectFedora