CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

Tenable Nessus•added 2023/11/08 12:0 a.m.•19 views

Debian dla-3649 : python-urllib3 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3649 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3649-1 [email protected] https://www.debian.org/lts/security/...

7.1CVSS6.8AI score0.00326EPSS

Exploits0References4

Veracode•added 2023/10/20 7:39 a.m.•21 views

Path Traversal

github.com/arduino/arduino-create-agent is vulnerable to Path Traversal. The vulnerability results from inadequate sanitization of the filename parameter. Exploiting this flaw, an attacker can execute HTTP requests on the localhost interface or bypass CORS configuration. Consequently, they may be...

7.8CVSS7.1AI score0.00354EPSS

Exploits0References4Affected Software1

Veracode•added 2023/10/20 7:1 a.m.•20 views

Path Traversal

github.com/arduino/arduino-create-agent is vulnerable to Directory Traversal. When the attacker has access to the localhost interface, they can send a specially crafted HTTP POST request to the /v2/pkgs/tools/installed endpoint, specifying the path of the file or folder that they want to delete...

7.1CVSS6.7AI score0.00326EPSS

Exploits0References7Affected Software1

Veracode•added 2023/10/19 5:53 a.m.•16 views

Privilege Escalation

Arduino Create Agent is vulnerable to Privilege Escalation. The vulnerability is due to the improper handling of requests to the endpoint /v2/pkgs/tools/installed. This can be exploited by an attacker via executing a HTTP requests to the localhost interface leading to the elevation of privileges ...

7.8CVSS6.8AI score0.00211EPSS

Exploits0References4Affected Software1

NVD•added 2023/10/18 10:15 p.m.•45 views

CVE-2023-43801

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

7.1CVSS6.4AI score0.00326EPSS

Exploits0References3

NVD•added 2023/10/18 10:15 p.m.•29 views

CVE-2023-43800

Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...

7.8CVSS7.3AI score0.00211EPSS

Exploits0References3

Prion•added 2023/10/18 10:15 p.m.•17 views

Design/Logic Flaw

4.3CVSS7.6AI score0.00211EPSS

Exploits0References3Affected Software1

NVD•added 2023/10/18 9:15 p.m.•13 views

CVE-2023-43803

7.1CVSS6.4AI score0.00326EPSS

Exploits0References4

NVD•added 2023/10/18 9:15 p.m.•40 views

CVE-2023-43802

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

7.8CVSS7.2AI score0.00354EPSS

Exploits0References3

Prion•added 2023/10/18 9:15 p.m.•17 views

Design/Logic Flaw

4.3CVSS7.6AI score0.00354EPSS

Exploits0References3Affected Software1

Prion•added 2023/10/18 9:15 p.m.•22 views

Authentication flaw

3.2CVSS6.7AI score0.00326EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2023/10/18 9:7 p.m.•15 views

CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent

7.3CVSS6.9AI score0.00211EPSS

Exploits0References3

Cvelist•added 2023/10/18 9:7 p.m.•37 views

CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent

7.3CVSS7.8AI score0.00211EPSS

Exploits0References3

CVE•added 2023/10/18 9:7 p.m.•58 views

CVE-2023-43800

CVE-2023-43800 affects the Arduino Create Agent. The vulnerability stems from the endpoint /v2/pkgs/tools/installed, where a user able to issue HTTP requests to the localhost interface or bypass the CORS policy can escalate privileges to the user running the Arduino Create Agent service via a cra...

7.8CVSS7.2AI score0.00211EPSS

Exploits0References3Affected Software1

OSV•added 2023/10/18 9:7 p.m.•31 views

CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent

7.3CVSS7.4AI score0.00211EPSS

Exploits0References5

Cvelist•added 2023/10/18 9:6 p.m.•49 views

CVE-2023-43801 Path traversal in Arduino Create Agent

6.1CVSS7AI score0.00326EPSS

Exploits0References3

Vulnrichment•added 2023/10/18 9:6 p.m.•14 views

CVE-2023-43801 Path traversal in Arduino Create Agent

6.1CVSS6.8AI score0.00326EPSS

Exploits0References3

CVE•added 2023/10/18 9:6 p.m.•70 views

CVE-2023-43801

CVE-2023-43801 affects the Arduino Create Agent, specifically the endpoint /v2/pkgs/tools/installed. A user able to make HTTP requests to the localhost interface or bypass CORS can delete arbitrary files/folders owned by the Arduino Create Agent’s running user via a crafted HTTP DELETE request. R...

7.1CVSS6.4AI score0.00326EPSS

Exploits0References3Affected Software1

CVE•added 2023/10/18 8:39 p.m.•67 views

CVE-2023-43802

Arduino Create Agent is affected by a path traversal vulnerability in the /upload endpoint that processes the filename parameter. A user able to issue HTTP requests to the localhost interface or bypass CORS can escalate privileges to the user running the Arduino Create Agent service via a crafted...

7.8CVSS7.1AI score0.00354EPSS

Exploits0References3Affected Software1

OSV•added 2023/10/18 8:39 p.m.•30 views

CVE-2023-43802 Path traversal in Arduino Create Agent

7.1CVSS7.5AI score0.00354EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by