CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2020/04/15 12:0 a.m.•1 views

SAP Commerce Input Validation Error Vulnerability

SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. The product supports sales management, marketing management, order management and operations management. An input validation error vulnerability exists in SAP Commerce that stems from the Rest API program not securely...

9.3CVSS6.8AI score0.0131EPSS

OSV•added 2020/04/09 2:15 p.m.•2 views

CVE-2020-10629

WebAccess/NMS versions prior to 3.0.2 does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files...

7.5CVSS7.1AI score0.01231EPSS

CNVD•added 2020/04/08 12:0 a.m.•2 views

Advantech WebAccess/NMS Input Validation Error Vulnerability

Advantech WebAccess/NMS is a web browser based software suite for Network Management Systems NMS. An input validation error vulnerability exists in Advantech WebAccess/NMS, which can be exploited by an attacker to obtain sensitive information via specially crafted XML input...

7.5CVSS6.5AI score0.01231EPSS

OSV•added 2020/04/07 4:15 p.m.•2 views

CVE-2019-4391

HCL AppScan Standard is vulnerable to XML External Entity Injection XXE attack when processing XML data...

8.2CVSS7.2AI score

OSV•added 2020/04/04 12:15 a.m.•1 views

CVE-2020-5348

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFIBOOTSERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in system management mode...

7.8CVSS7.4AI score0.00379EPSS

Fedora•added 2020/03/30 12:18 a.m.•26 views

[SECURITY] Fedora 32 Update: weechat-2.7.1-1.fc32

WeeChat Wee Enhanced Environment for Chat is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...

9.8CVSS1.4AI score0.03684EPSS

OpenVAS•added 2020/03/17 12:0 a.m.•25 views

Fedora: Security Advisory for weechat (FEDORA-2020-4d232b48b8)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.7AI score

Exploits0References2

OpenVAS•added 2020/03/17 12:0 a.m.•29 views

Fedora: Security Advisory for weechat (FEDORA-2020-db890b4800)

8.7AI score

Exploits0References2

BDU FSTEC•added 2020/03/17 12:0 a.m.•3 views

The vulnerability of the eap_request and eap_response functions in the PPP (Point-to-Point Protocol) daemon pppd allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the eaprequest and eapresponse functions in the PPP Point-to-Point Protocol daemon pppd protocol is related to buffer overflow vulnerabilities. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code using a specially...

7.5CVSS8.5AI score0.19431EPSS

Exploits3References13Affected Software7

Fedora•added 2020/03/16 3:12 p.m.•26 views

[SECURITY] Fedora 31 Update: weechat-2.7.1-1.fc31

WeeChat Wee Enhanced Environment for Chat is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...

9.8CVSS1.4AI score0.03684EPSS

Openbugbounty•added 2020/03/12 5:13 p.m.•7 views

bima.co.uk Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1117089 Security Researcher g0bl1nsec Helped patch 3759 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting bima.co.uk website and it...

6.4AI score

8.8CVSS8.2AI score0.01999EPSS

Siemens SiNVR 3 SQL Injection Vulnerability

SiNVR 3 is a video management platform.Central Control Server CCS is the central control server and Video Server is the video server. SiNVR 3 has a SQL injection vulnerability in the XML-based communication protocol by default, which can be exploited by remote attackers to read or modify the...

CNVD•added 2020/03/12 12:0 a.m.•3 views

WAGO PFC200 Stack Buffer Overflow Vulnerability (CNVD-2020-16849)

The WAGO PFC200 is a programmable logic controller PLC from WAGO Germany. A stack buffer overflow vulnerability exists in the iocheckd service 'I/O-Check' function of the WAGO PFC200 03.02.0214. An attacker could exploit this vulnerability via a specially crafted XML cache file to achieve code...

7.8CVSS7.8AI score0.00656EPSS

7.8CVSS7.8AI score0.01358EPSS

WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16848)

The WAGO PFC200 is a programmable logic controller PLC from WAGO Germany. A command injection vulnerability exists in the iocheckd service 'I/O-Check' function of the WAGO PFC200 03.02.0214. An attacker can exploit this vulnerability to inject OS commands via specially crafted XML cache files...

7.8CVSS7.8AI score0.01358EPSS

WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16840)

5.5CVSS7.8AI score0.00526EPSS

WAGO PFC200 Stack Buffer Overflow Vulnerability (CNVD-2020-16852)