CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

798 matches found

Prion•added 2020/07/21 2:15 p.m.•15 views

Improper access control

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...

4.3CVSS6AI score0.00866EPSS

Exploits1References2Affected Software1

OSV•added 2020/06/19 7:15 p.m.•10 views

CVE-2017-18885

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

9.8CVSS7.3AI score

Exploits0References1

Prion•added 2020/06/19 7:15 p.m.•13 views

Design/Logic Flaw

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

7.5CVSS9.4AI score0.01175EPSS

Exploits0References1Affected Software1

Prion•added 2020/06/19 7:15 p.m.•12 views

Code injection

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...

5CVSS5.3AI score0.0092EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/06/19 6:10 p.m.•19 views

CVE-2017-18885

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

9.6AI score0.01175EPSS

Exploits0References1

NVD•added 2020/06/03 1:15 p.m.•29 views

CVE-2020-2191

Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels...

4.3CVSS4.6AI score0.00656EPSS

Exploits0References2

Positive Technologies•added 2020/06/03 12:0 a.m.•3 views

PT-2020-15405 · Jenkins · Jenkins Self-Organizing Swarm Plug-In Modules Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Self-Organizing Swarm Plug-in Modules Plugin versions 3.20 and earlier Description: The issue concerns the lack of permission checks on API endpoints that allow adding and removing agent labels. This allows users with Agent/Create...

5.4CVSS4.4AI score0.00656EPSS

Exploits0References8

RedhatCVE•added 2020/02/22 1:28 a.m.•30 views

CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5.3CVSS1.7AI score0.01412EPSS

Exploits0References4

RedHat Linux•added 2020/02/19 7:55 p.m.•2 views

jenkins: REST APIs vulnerable to clickjacking

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...

5.4CVSS6AI score0.0185EPSS

Exploits0References4

Prion•added 2020/01/31 1:15 p.m.•13 views

Information disclosure

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5CVSS5.2AI score0.01412EPSS

Exploits0References2Affected Software1

UbuntuCve•added 2020/01/31 1:15 p.m.•16 views

CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5.3CVSS6.8AI score0.01412EPSS

Exploits0References2

Debian CVE•added 2020/01/31 12:19 p.m.•28 views

CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5.3CVSS5.4AI score0.01412EPSS

Exploits0

Prion•added 2020/01/06 8:15 a.m.•20 views

Sql injection

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...

9CVSS8AI score0.46935EPSS

Exploits10References2Affected Software1

Cvelist•added 2019/12/31 4:53 p.m.•11 views

CVE-2019-12837

The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints...

4.6AI score0.01105EPSS

Exploits1References1

NVD•added 2019/11/21 3:15 p.m.•37 views

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

4.3CVSS4.3AI score0.00691EPSS

Exploits0References2

OSV•added 2019/11/21 3:15 p.m.•16 views

CVE-2019-16547

4.3CVSS6.2AI score

Exploits0References2

Prion•added 2019/11/21 3:15 p.m.•25 views

Design/Logic Flaw

4CVSS4.2AI score0.00691EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/11/21 2:11 p.m.•38 views

CVE-2019-16547

4.3AI score0.00691EPSS

Exploits0References2

CVE•added 2019/11/21 2:11 p.m.•75 views

CVE-2019-16547

CVE-2019-16547 affects the Jenkins Google Compute Engine Plugin (versions up to 4.1.1). The issue is missing permission checks on several API endpoints, allowing users with Overall/Read to obtain limited information about the plugin configuration and environment. In practice, the impact is inform...

4.3CVSS4.2AI score0.00691EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2019/11/21 2:11 p.m.•32 views

CVE-2019-16547

4.3CVSS4.2AI score0.00691EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by