
419 matches found

OSV
added 2024/04/25 6:15 p.m. · 2 views

CVE-2024-2905

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

CVSS 6.2 · AI score 5.7 · EPSS 0.0033
Exploits 0 · References 8

NVD
added 2024/04/25 6:15 p.m. · 11 views

CVE-2024-2905

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

CVSS 6.2 · AI score 6.3 · EPSS 0.0033
Exploits 0 · References 8

CVE
added 2024/04/25 5:44 p.m. · 110 views

CVE-2024-2905

CVE-2024-2905 affects rpm-ostree where default builds expose a world-readable /etc/shadow. Multiple Nessus advisories (RHEL 9, AlmaLinux 9, Oracle Linux 9, MiracleLinux, Fedora) reference the issue and indicate patches/backports to a fixed rpm-ostree release (e.g., versions >= 2024.4-3 or rela...

CVSS 6.2 · AI score 6.5 · EPSS 0.0033
Exploits 0 · References 8

BDU FSTEC
added 2024/04/23 12:0 a.m. · 1 view

A vulnerability in the Windows Telephony Server allows attackers to increase their privileges.

The vulnerability in the Windows Telephony Server for Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7 · AI score 7.7 · EPSS 0.00346
Exploits 0 · References 4

RedhatCVE
added 2024/04/09 11:51 a.m. · 25 views

CVE-2024-2905

A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...

CVSS 6.2 · AI score 6.2 · EPSS 0.0033
Exploits 0 · References 4

CNNVD
added 2024/04/09 12:0 a.m. · 1 view

openEuler Security Vulnerability

openEuler is an operating system from the Open Atomics Open Source Foundation. A security vulnerability exists in openEuler rpm-ostree, which stems from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access...

CVSS 6.2 · AI score 6.3 · EPSS 0.0033
Exploits 0 · References 4

Positive Technologies
added 2024/04/09 12:0 a.m. · 3 views

PT-2024-4622 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. It allows an attacker to elevate their privileges...

CVSS 7 · AI score 9.1 · EPSS 0.00387
Exploits 0 · References 6

Positive Technologies
added 2024/04/09 12:0 a.m. · 3 views

PT-2024-5018 · Unknown +2 · Rpm-Ostree +2

Name of the Vulnerable Software and Affected Versions: rpm-ostree (affected versions not specified). Description: A security issue has been found in rpm-ostree, related to the /etc/shadow file having the world-readable bit enabled in default builds. This is due to default permissions being set highe...

CVSS 6.2 · AI score 6.3 · EPSS 0.0033
Exploits 0 · References 18

Positive Technologies
added 2024/03/27 12:0 a.m. · 3 views

PT-2024-3911 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue is related to a cross-site request forgery (CSRF) vulnerability. It allows a remote attacker to exploit the vulnerability, potentially enabling them to set arbitrary authenticati...

CVSS 9.4 · AI score 7.9
Exploits 0 · References 1

BDU FSTEC
added 2024/03/11 12:0 a.m. · 1 view

A vulnerability in the Microsoft Message Queuing (MSMQ) service on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability in the Microsoft Message Queuing (MSMQ) service on Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7 · AI score 7.7 · EPSS 0.00384
Exploits 0 · References 3

CNNVD
added 2024/01/10 12:0 a.m. · 3 views

Bosch Nexo cordless nutrunner security breach

Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows an authenticated, remote attacker to read or update arbitrary content in the...

CVSS 8.8 · AI score 7 · EPSS 0.00869
Exploits 0 · References 2

OSV
added 2024/01/03 8:15 p.m. · 3 views

CVE-2023-5879

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 and below on Android devices. This allows an attacker with access to the Android device to potentially retrieve users' clear text authentication...

CVSS 6.8 · AI score 5.8 · EPSS 0.00419
Exploits 0 · References 1

NVD
added 2024/01/03 8:15 p.m. · 10 views

CVE-2023-5879

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 and below on Android devices. This allows an attacker with access to the Android device to potentially retrieve users' clear text authentication...

CVSS 6.8 · AI score 6.6 · EPSS 0.00419
Exploits 0 · References 1

NVD
added 2023/11/27 11:15 a.m. · 18 views

CVE-2023-40610

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

CVSS 8.8 · EPSS 0.01324
Exploits 0 · References 3

Cvelist
added 2023/11/27 10:22 a.m. · 16 views

CVE-2023-40610 Apache Superset: Privilege escalation with default examples database

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

CVSS 6.3 · AI score 9.2 · EPSS 0.01324
Exploits 0 · References 3

CNNVD
added 2023/11/27 12:0 a.m. · 2 views

Apache Superset Security Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An authorization issue vulnerability exists in Apache Superset versions prior to 2.1.2 that stems from the presence of incorrect authorization checks. An attacker could exploit this vulnerability...

CVSS 8.8 · AI score 6.8 · EPSS 0.01324
Exploits 0 · References 3

BDU FSTEC
added 2023/11/18 12:0 a.m. · 3 views

The vulnerability of the SerializationTypeConverter class in the Microsoft Exchange Server mail server allows attackers to perform spoofing attacks.

The vulnerability of the SerializationTypeConverter class in Microsoft Exchange Server lies in the deserialization mechanism’s flaws, resulting from insufficient protection of service data during NTLM authentication. Exploiting this vulnerability allows an attacker to perform spoofing attacks...

CVSS 8 · AI score 7.6 · EPSS 0.72992
Exploits 0 · References 4

OSV
added 2023/10/31 9:15 p.m. · 3 views

CVE-2023-20886

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...

CVSS 6.1 · AI score 5.8 · EPSS 0.00398
Exploits 0 · References 1

CNNVD
added 2023/10/31 12:0 a.m. · 1 view

Exim Security Vulnerabilities

Exim is an open source messaging agent (MTA) running on Unix systems that routes, forwards, and delivers mail. A security vulnerability exists in Exim that stems from Exim incorrectly processing user-supplied authentication data, resulting in memory corruption...

CVSS 9.8 · AI score 7 · EPSS 0.05673
Exploits 0 · References 3

The Hacker News
added 2023/10/17 5:46 a.m. · 37 views

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to servi...

AI score 7
Exploits 0