Vulmon Recent Vulnerabilities Discussions Trends Blog About Contact

Recent vulnerabilities and exploits

10
CVSSv2
CVE-2008-1611

Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request....

Tftp-serverWinagents Tftp Server
NA
CVE-2019-19634

<!-- '"` --><!-- </textarea></xmp> --> In this repository All GitHub ...

4.3
CVSSv2
CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a...

DjangoprojectDjangoCanonicalUbuntu LinuxDebianDebian LinuxFedoraprojectFedora
5
CVSSv2
CVE-2019-6975

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function....

DjangoprojectDjangoCanonicalUbuntu LinuxFedoraprojectFedora
7.8
CVSSv2
CVE-2015-5143

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys....

DjangoprojectDjangoCanonicalUbuntu LinuxDebianDebian LinuxOracleSolaris
5
CVSSv2
CVE-2018-5744

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview...

IscBind
6.5
CVSSv2
CVE-2019-2890

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3...

OracleWeblogic Server
NA
CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in...

NA
CVE-2019-19636

An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c....

NA
CVE-2019-19635

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c....

CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-2231cross-site scriptingopen redirectCVE-2019-11293CVE-2019-16673CVE-2019-12750file uploadCVE-2019-17387CVE-2019-9810