CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

91 matches found

Github Security Blog•added 2019/07/31 4:21 a.m.•25 views

datagrid contains code Injection backdoor

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8CVSS8.9AI score0.03115EPSS

Exploits0References5Affected Software1

RubySec•added 2019/07/31 12:0 a.m.•17 views

Code execution backdoor in datagrid

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8CVSS2.5AI score0.03115EPSS

Exploits0References1

Veracode•added 2019/07/26 10:36 a.m.•13 views

Malicious Package

datagrid is a malicious package. The package contains a backdoor similar to the bootstrap-sass malware, as seen in datagrid-1.0.6/lib/datagrid/drivers/abstractdriver.rb...

9.8CVSS9.1AI score0.03115EPSS

Exploits0References2Affected Software1

OSV•added 2019/07/26 5:15 a.m.•2 views

CVE-2019-14281

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8CVSS7.3AI score0.03115EPSS

Exploits0References3

Prion•added 2019/07/26 5:15 a.m.•15 views

Code injection

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

7.5CVSS9.4AI score0.03115EPSS

Exploits0References3Affected Software1

CVE•added 2019/07/26 4:6 a.m.•310 views

CVE-2019-14281

The CVE-2019-14281 entry concerns the Ruby datagrid gem (version 1.0.6) distributed on RubyGems.org, which includes a code-execution backdoor inserted by a third party. Multiple connected records (Red Hat, GitHub advisory GHSA, OSV, RubySec) corroborate a malicious backdoor in datagrid-1.0.6. The...

9.8CVSS9.4AI score0.03115EPSS

Exploits0References3Affected Software1

Cvelist•added 2019/07/26 4:6 a.m.•25 views

CVE-2019-14281

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.6AI score0.03115EPSS

Exploits0References3

IBM Security Bulletins•added 2019/01/04 11:10 p.m.•35 views

Security Bulletin: IBM Content Navigator is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494)

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit thi...

9.8CVSS0.9AI score0.02611EPSS

Exploits2Affected Software1

OSV•added 2018/10/15 10:3 p.m.•24 views

GHSA-84CM-X2Q5-8225 dojox vulnerable to unescaped string injection

In Dojo Toolkit before 1.14.0, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS8.1AI score0.02611EPSS

Exploits2References6

Github Security Blog•added 2018/10/15 10:3 p.m.•36 views

dojox vulnerable to unescaped string injection

In Dojo Toolkit before 1.14.0, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS9.2AI score0.02611EPSS

Exploits2References5Affected Software1

0day.today•added 2018/08/28 12:0 a.m.•650 views

Dojo Toolkit 1.13 Cross Site Scripting Vulnerability

Exploit for jsp platform in category web applications Product: Dojo Toolkit Manufacturer: JS Foundation Affected Versions: 1.13 Tested Versions: 1.13, 1.10.7 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2018-07-02 Solution...

8AI score0.02611EPSS

Exploits2

RedhatCVE•added 2018/08/23 5:54 a.m.•47 views

CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS1.9AI score0.02611EPSS

Exploits2References1

Veracode•added 2018/08/20 7:17 a.m.•30 views

Cross-Site Scripting (XSS)

This is Due to the unescaped quotes in dojox/Grid/DataGrid when editing rows, which would allow an attacker to inject arbitrary HTML and Javascript into a victim's browser. Which makes dojox vulnerable to cross-site scripting...

9.8CVSS8.9AI score0.02611EPSS

Exploits2References4Affected Software2

NVD•added 2018/08/18 2:29 a.m.•16 views

CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS7.9AI score0.02611EPSS

Exploits2References3

OSV•added 2018/08/18 2:29 a.m.•19 views

CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS6.9AI score

Exploits0References3

Prion•added 2018/08/18 2:29 a.m.•47 views

Sql injection

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

7.5CVSS9.4AI score0.02611EPSS

Exploits2References3Affected Software2

UbuntuCve•added 2018/08/18 2:29 a.m.•40 views

CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS7.2AI score0.02611EPSS

Exploits2References4

OSV•added 2018/08/18 2:29 a.m.•0 views

UBUNTU-CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

9.8CVSS7.3AI score0.02611EPSS

Exploits2References5

Cvelist•added 2018/08/18 2:0 a.m.•25 views

CVE-2018-15494

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

7.9AI score0.02611EPSS

Exploits2References3

Veracode•added 2018/04/23 5:56 a.m.•8 views

Cross-site Scripting (XSS)

primefaces is vulnerable to multiple cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization for the values of the following views: tabView, carousel, dataGrid, dataList, pickList, commandButton...

5.9AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by