Vulnerabilities in [UNKNOWN]

240 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2017-2670 | HIGH | It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effec | 3.7% |
| CVE-2018-10844 | MEDIUM | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this | 3.6% |
| CVE-2018-10845 | MEDIUM | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this | 3.6% |
| CVE-2018-16851 | MEDIUM | Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP sea | 3.3% |
| CVE-2018-14651 | HIGH | It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, a | 3.2% |
| CVE-2017-7466 | HIGH | Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control | 3.2% |
| CVE-2017-2595 | HIGH | It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via p | 3.1% |
| CVE-2019-10174 | HIGH | A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application cl | 3.1% |
| CVE-2018-10855 | MEDIUM | Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used t | 3.1% |
| CVE-2020-10738 | HIGH | A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported version | 3.1% |
| CVE-2018-16853 | HIGH | Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default | 3.1% |
| CVE-2018-14645 | HIGH | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_i | 3.0% |
| CVE-2017-7465 | CRITICAL | It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use t | 3.0% |
| CVE-2019-3821 | HIGH | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could | 2.9% |
| CVE-2018-10880 | MEDIUM | Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in e | 2.9% |
| CVE-2018-10936 | HIGH | A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a ho | 2.9% |
| CVE-2018-1132 | HIGH | A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating | 2.9% |
| CVE-2018-10869 | HIGH | redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any fi | 2.8% |
| CVE-2017-7467 | HIGH | A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could p | 2.8% |
| CVE-2019-3826 | MEDIUM | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convinc | 2.7% |