
6574 matches found

OpenVAS
added 2022/10/10 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2451)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8 | AI score 7.3 | EPSS 0.01554
Exploits 15 | References 2

Tenable Nessus
added 2022/10/10 12:0 a.m. | 23 views

EulerOS Virtualization 3.0.6.0 : vim (EulerOS-SA-2022-2594)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Out-of-bounds Read CVE-2021-4166, CVE-2021-4193 - vim is vulnerable to Use After Free CVE-2021-4192 - vim is...

CVSS 9.8 | AI score 7.1 | EPSS 0.26583
Exploits 40 | References 41

Tenable Nessus
added 2022/10/09 12:0 a.m. | 51 views

EulerOS 2.0 SP8 : vim (EulerOS-SA-2022-2483)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Buffer Over-read in function grabfilename in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software,...

CVSS 8 | AI score 6.5 | EPSS 0.02098
Exploits 19 | References 20

OSV
added 2022/10/07 9:23 p.m. | 19 views

GHSA-PJ2C-H76W-VV6F tiny-csrf has openly visible CSRF tokens

Impact: Weak encryption on CSRF so tokens can be read by malicious attackers. Patches: Problems have been patched as of v1.1.0. Workarounds: Upgrade to v1.1.0. References: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html For more information: Submit an iss...

CVSS 8.1 | AI score 7.1 | EPSS 0.00392
Exploits 0 | References 4

Github Security Blog
added 2022/10/07 9:23 p.m. | 29 views

tiny-csrf has openly visible CSRF tokens

Impact: Weak encryption on CSRF so tokens can be read by malicious attackers. Patches: Problems have been patched as of v1.1.0. Workarounds: Upgrade to v1.1.0. References: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html For more information: Submit an iss...

CVSS 8.1 | AI score 6.4 | EPSS 0.00392
Exploits 0 | References 4 | Affected Software 1

Prion
added 2022/10/07 11:15 a.m. | 11 views

Design/Logic Flaw

Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0...

CVSS 4 | AI score 6.5 | EPSS 0.01787
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/10/07 12:0 a.m. | 19 views

CVE-2022-3423 Allocation of Resources Without Limits or Throttling in nocodb/nocodb

Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0...

CVSS 7.3 | AI score 7.4 | EPSS 0.01787
Exploits 1 | References 2

CVE
added 2022/10/07 12:0 a.m. | 78 views

CVE-2022-3423

CVE-2022-3423 affects NocoDB prior to version 0.92.0. The issue is a resource management flaw described as Allocation of Resources Without Limits or Throttling, allowing a crafted HTTP request to insert large characters into the input field for creating a new project, which can trigger a Denial o...

CVSS 7.3 | AI score 6.6 | EPSS 0.01787
Exploits 1 | References 2 | Affected Software 1

Prion
added 2022/10/06 6:16 p.m. | 11 views

Default credentials

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

CVSS 5 | AI score 5.3 | EPSS 0.00672
Exploits 1 | References 2 | Affected Software 1

Prion
added 2022/10/06 6:16 p.m. | 13 views

Path traversal

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...

CVSS 5 | AI score 7.5 | EPSS 0.00997
Exploits 1 | References 2 | Affected Software 1

OSV
added 2022/10/06 6:16 p.m. | 5 views

PYSEC-2022-43157

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

CVSS 5.3 | AI score 5.2 | EPSS 0.00672
Exploits 1 | References 5

OSV
added 2022/10/06 6:16 p.m. | 4 views

PYSEC-2022-43156

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

CVSS 9.8 | AI score 9.6 | EPSS 0.00441
Exploits 1 | References 5

Cvelist
added 2022/10/06 12:0 a.m. | 25 views

CVE-2022-3273 Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

CVSS 3.6 | AI score 9.8 | EPSS 0.00441
Exploits 1 | References 2

CVE
added 2022/10/06 12:0 a.m. | 78 views

CVE-2022-3002

CVE-2022-3002 is a stored XSS vulnerability in YetiForceCRM (yetiforcecrm) prior to version 6.4.0. Multiple sources confirm the issue stems from insufficient input filtering/escaping, enabling attacker-controlled data to be stored and later rendered insecurely. The affected software is YetiForceC...

CVSS 5.4 | AI score 5.2 | EPSS 0.00547
Exploits 1 | References 2 | Affected Software 1

CVE
added 2022/10/06 12:0 a.m. | 82 views

CVE-2022-3389

The CVE-2022-3389 entry concerns the Rdiffweb project (ikus060/rdiffweb). Affected version: prior to 2.4.10, with a Path Traversal vulnerability in the file/path handling. The issue is documented as a vulnerability in path traversal (no exploitation details provided in the connected sources). Mit...

CVSS 8.2 | AI score 7.6 | EPSS 0.00997
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/10/06 12:0 a.m. | 26 views

CVE-2022-3389 Path Traversal in ikus060/rdiffweb

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...

CVSS 8.2 | AI score 7.7 | EPSS 0.00997
Exploits 1 | References 2

OSV
added 2022/10/06 12:0 a.m. | 23 views

CVE-2022-3389 Path Traversal in ikus060/rdiffweb

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10...

CVSS 8.2 | AI score 8 | EPSS 0.00997
Exploits 1 | References 4

RedHat Linux
added 2022/10/05 10:44 a.m. | 2 views

parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url

A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue...

CVSS 7.5 | AI score 5.7 | EPSS 0.01104
Exploits 1 | References 5

Prion
added 2022/09/30 2:15 p.m. | 7 views

Design/Logic Flaw

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...

CVSS 5 | AI score 7.5 | EPSS 0.00983
Exploits 1 | References 2 | Affected Software 1

NVD
added 2022/09/30 7:15 a.m. | 28 views

CVE-2022-2922

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0...

CVSS 4.9 | EPSS 0.00999
Exploits 1 | References 2