
2877 matches found

OSV
added 2023/03/09 8:18 p.m. | 60 views

CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime

crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...

5.9 CVSS | 7.3 AI score | 0.00798 EPSS
Exploits 0 | References 4
OSV
added 2023/03/06 11:15 p.m. | 4 views

AZL-25602 CVE-2022-45141 affecting package samba 4.12.5-7

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

9.8 CVSS | 6.5 AI score | 0.00454 EPSS
Exploits 0 | References 1
Prion
added 2023/03/01 8:15 a.m. | 19 views

Command injection

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...

6.5 CVSS | 8.7 AI score | 0.01888 EPSS
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2023/03/01 12:0 a.m. | 3 views

Aruba Networks ArubaOS command injection vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated command injection vulnerability i...

7.2 CVSS | 7.1 AI score | 0.01538 EPSS
Exploits 0 | References 2
CNNVD
added 2023/03/01 12:0 a.m. | 3 views

Aruba Networks ArubaOS path traversal vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated path traversal vulnerability in...

6.5 CVSS | 6.5 AI score | 0.00747 EPSS
Exploits 0 | References 2
OSV
added 2023/03/01 12:0 a.m. | 3 views

PUB-A-261193946

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS | 7.1 AI score | 0.0009 EPSS
Exploits 0 | References 2
CNNVD
added 2023/03/01 12:0 a.m. | 4 views

Aruba Networks ArubaOS command injection vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated command injection vulnerability i...

7.2 CVSS | 7.1 AI score | 0.01538 EPSS
Exploits 0 | References 2
CNNVD
added 2023/03/01 12:0 a.m. | 2 views

Aruba Networks ArubaOS code issue vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that stems from a session expiration insufficiency vulnerability in t...

6.8 CVSS | 4.9 AI score | 0.00443 EPSS
Exploits 0 | References 2
CNNVD
added 2023/03/01 12:0 a.m. | 5 views

Aruba Networks ArubaOS path traversal vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that stems from an authenticated path traversal vulnerability in the...

4.9 CVSS | 5.4 AI score | 0.00709 EPSS
Exploits 0 | References 2
CNNVD
added 2023/03/01 12:0 a.m. | 4 views

Aruba Networks ArubaOS security vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from sensitive information that can be accessed through...

6.5 CVSS | 6.5 AI score | 0.00584 EPSS
Exploits 0 | References 2
CNNVD
added 2023/03/01 12:0 a.m. | 5 views

Aruba Networks ArubaOS path traversal vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that stems from an authenticated path traversal vulnerability in the...

7.2 CVSS | 6.5 AI score | 0.00766 EPSS
Exploits 0 | References 2
OSV
added 2023/03/01 12:0 a.m. | 3 views

PUB-A-244569778

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS | 7.1 AI score | 0.0009 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/03/01 12:0 a.m. | 35 views

Wago PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...

7.5 CVSS | 7.3 AI score | 0.03671 EPSS
Exploits 0 | References 3
BDU FSTEC
added 2023/02/28 12:0 a.m. | 2 views

The vulnerability in the web-based interface for controlling programmable logic controllers WAGO PFC100/PFC200, CC100, Edge Controller, and sensor panels WAGO Touch Panel 600 allows an intruder to execute arbitrary code.

The vulnerability of the web-based interface for controlling WAGO PFC100/PFC200, CC100, Edge Controller, and WAGO Touch Panel 600 programmable logic controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating...

10 CVSS | 7.4 AI score | 0.0074 EPSS
Exploits 0 | References 3
CVE
added 2023/02/21 8:31 p.m. | 59 views

CVE-2017-20179

CVE-2017-20179 affects InSTEDD Pollit 2.3.1, specifically the TourController in app/controllers/tour_controller.rb. The issue is described as a critical vulnerability with remote attack potential and an unknown weakness resulting from manipulation. A fix exists in Pollit 2.3.2, with the patch ide...

9.8 CVSS | 8 AI score | 0.00744 EPSS
Exploits 0 | References 4 | Affected Software 1
F5 Networks
added 2023/02/21 7:57 p.m. | 25 views

K91610944: Intel Ethernet controller vulnerabilities CVE-2020-24492, CVE-2020-24493, CVE-2020-24494, CVE-2020-24495, CVE-2020-24496

Security Advisory Description CVE-2020-24492 Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access. CVE-2020-24493 Insufficient access control in the firmware fo...

4.4 CVSS | 4.4 AI score | 0.003 EPSS
Exploits 0 | Affected Software 1
F5 Networks
added 2023/02/21 6:54 p.m. | 34 views

K21595932: Samba vulnerability CVE-2018-1057

Security Advisory Description On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service...

8.8 CVSS | 7.4 AI score | 0.10308 EPSS
Exploits 1
NVD
added 2023/02/16 9:15 p.m. | 14 views

CVE-2022-48324

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: 1 pesquisa, 2 data, 3 data2, 4 nome, 5 descricao, 6 idDocumentos, 7 id in file application/controllers/Arquivos.php; 8 senha, 9 nomeCliente, 10 contato, 1...

6.1 CVSS | 6.4 AI score | 0.00628 EPSS
Exploits 1 | References 3
NVD
added 2023/02/16 9:15 p.m. | 16 views

CVE-2022-48325

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: 1 year, 2 oldSenha, 3 novaSenha, 4 termo, 5 nome, 6 cnpj, 7 ie, 8 cep, 9 logradouro, 10 numero, 11 bairro, 12 cidade, 13 uf, 14 telefone, 15 email, 16 id,...

6.1 CVSS | 6.4 AI score | 0.00637 EPSS
Exploits 1 | References 3
NVD
added 2023/02/16 9:15 p.m. | 10 views

CVE-2022-48326

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: 1 nome, 2 aCliente, 3 eCliente, 4 dCliente, 5 vCliente, 6 aProduto, 7 eProduto, 8 dProduto, 9 vProduto, 10 aServico, 11 eServico, 12 dServico, 13 vServico...

6.1 CVSS | 6.4 AI score | 0.00645 EPSS
Exploits 1 | References 3