Vulmon Recent Vulnerabilities Discussions Trends Blog About Contact

Recent vulnerabilities and exploits

5.1
CVSSv2
CVE-2016-1000110

CWE-807: Reliance on Untrusted Inputs in a Security Decision, CWE-454: External Initialization of Trusted Variables or Data StoresWeb servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. The...

5.1
CVSSv2
CVE-2016-1000109

CWE-807: Reliance on Untrusted Inputs in a Security Decision, CWE-454: External Initialization of Trusted Variables or Data StoresWeb servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. The...

5.1
CVSSv2
CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote...

ApacheTomcatHpSystem Management HomepageOracleLinuxRedhatEnterprise Linux DesktopEnterprise Linux Hpc NodeEnterprise Linux Hpc Node EusEnterprise Linux ServerEnterprise Linux Server AusEnterprise Linux Server EusEnterprise Linux Server TusEnterprise Linux Workstation
5.1
CVSSv2
CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

ApacheHttp ServerHpSystem Management HomepageRedhatJboss Web ServerFedoraprojectFedoraOracleLinuxSolaris
6.8
CVSSv2
CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to...

GolangGoFedoraprojectFedoraOracleLinuxRedhatEnterprise Linux ServerEnterprise Linux Server AusEnterprise Linux Server Eus
5.1
CVSSv2
CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

HpSystem Management HomepageStoreever Msl6480 Tape Library FirmwarePhpFedoraprojectFedoraOracleLinuxRedhatEnterprise Linux DesktopEnterprise Linux ServerEnterprise Linux Workstation
NA
CVE-2019-12868

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization....

NA
CVE-2019-12865

In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command....

NA
CVE-2018-18958

OPNsense 18.7.x before 18.7.7 has Incorrect Access Control....

NA
CVE-2019-5017

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can...

CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-12789privilege escalationCVE-2019-11409CVE-2019-12840CVE-2018-20472radare2leanifyleanify projectinjectmdm9206 firmwareCVE-2019-5599physicalCVE-2019-0708