Recent vulnerabilities and exploits

4
CVSSv3
CVE-2016-1000110

CWE-807: Reliance on Untrusted Inputs in a Security Decision, CWE-454: External Initialization of Trusted Variables or Data StoresWeb servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. The...

NA
CVE-2016-1000109

CWE-807: Reliance on Untrusted Inputs in a Security Decision, CWE-454: External Initialization of Trusted Variables or Data StoresWeb servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. The...

8.1
CVSSv3
CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote...

8.1
CVSSv3
CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

8.1
CVSSv3
CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to...

8.1
CVSSv3
CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

NA
CVE-2019-12868

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization....

NA
CVE-2019-12865

In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command....

NA
CVE-2018-18958

OPNsense 18.7.x before 18.7.7 has Incorrect Access Control....

NA
CVE-2019-5017

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can...