Recent vulnerabilities and exploits

NA
CVE-2019-10079

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later...

NA
CVE-2019-12290

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain...

2.1
CVSSv2
CVE-2018-20781

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext....

Canonical Ubuntu Linux
NA
CVE-2019-11043


NA
CVE-2019-4523

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481....

NA
CVE-2019-12967

Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Control....

3.5
CVSSv2
CVE-2019-17189

totemodata 3.0.0_b936 has XSS via a folder name....

NA
CVE-2019-11674

Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack....

7.5
CVSSv2
CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540....

Fasterxml Jackson-databind
7.5
CVSSv2
CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig....

Fasterxml Jackson-databind