2020-01-02 | CVE-2019-14859 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. | 9.1 |
2019-06-14 | CVE-2019-10126 | A flaw was found in the Linux kernel. | 9.8 |
2019-06-12 | CVE-2019-3888 | Information Exposure Through Log Files vulnerability in multiple products A vulnerability was found in Undertow web server before 2.0.21. | 9.8 |
2019-06-07 | CVE-2019-10160 | A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. | 9.8 |
2019-03-08 | CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. | 9.8 |
2018-10-09 | CVE-2018-17963 | Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 9.8 |
2018-07-19 | CVE-2017-7481 | Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. | 9.8 |
2018-03-20 | CVE-2018-8088 | org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. | 9.8 |
2018-03-13 | CVE-2018-7750 | Improper Authentication vulnerability in multiple products transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. | 9.8 |
2018-02-06 | CVE-2017-7525 | A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | 9.8 |