CVE-2019-9948
- EPSS 11.84%
- Veröffentlicht 23.03.2019 18:29:02
- Zuletzt bearbeitet 21.11.2024 04:52:39
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...
CVE-2017-15041
- EPSS 8.94%
- Veröffentlicht 05.10.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. I...
- EPSS 83.52%
- Veröffentlicht 10.11.2016 21:59:00
- Zuletzt bearbeitet 21.04.2026 17:43:46
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in Oc...
- EPSS 7.14%
- Veröffentlicht 20.07.2014 11:12:50
- Zuletzt bearbeitet 06.05.2026 22:30:45
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.