113 matches found
[SECURITY] Fedora 27 Update: python-urllib3-1.24.1-2.fc27
Python HTTP module with connection pooling and file POST abilities...
Fedora 27 : knot-resolver (2018-eb9ca8b218)
Knot Resolver 2.4.1 2018-08-02. Security: fix CVE-2018-10920: Improper input validation bug in DNS resolver component security!7, security!9. Bugfixes: cache: fix TTL overflow in packet due to minttl 388, security!8; TLS session resumption: avoi...
Stattic Node Module Path Traversal Vulnerability
The stattic node module is a script that serves static files using the http module. A path traversal vulnerability exists in the stattic node module, which stems from a lack of path validation in the program. An attacker could use this vulnerability to read the contents of an arbitrary file...
Node.js third-party modules: [stattic] Improper path validation leads to Path Traversal and allows to read arbitrary files with any extension(s)
I would like to report Path Traversal in stattic module. It allows reading the content of some arbitrary files from the server where stattic is installed and run. Module: module name: stattic; version: 0.2.3; npm page: https://www.npmjs.com/package/stattic. Module Description: Ridiculous simple script for...
[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26
This library allows manipulating XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25
This library allows manipulating XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24
This library allows manipulating XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
eSolutions HTTP Live Headers 1.0.6 - Cross Site Vulnerability
Document Title: eSolutions HTTP Live Headers 1.0.6 - Cross Site Vulnerability. References Source: http://www.vulnerability-lab.com/getcontent.php?id=1541 Release Date: 2015-07-02. Vulnerability Laboratory ID VL-ID:...
CVE-2015-0727
Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.70SP11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.70SP11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789...
Cisco Security Manager Cross-Site Scripting Vulnerability
A vulnerability in the HTTP module of the Cisco Security Manager (CSM) could allow an unauthenticated, remote attacker to conduct reflective cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to the vulnerable CSM web interface. An...
[SECURITY] Fedora 21 Update: libxml2-2.9.1-6.fc21
This library allows manipulating XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
CVE-2012-6570
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remot...
CVE-2012-6571
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a...
Stack overflow
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI...
Heap overflow
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remot...
Design/Logic Flaw
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a...
CVE-2012-6569
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI...
[SECURITY] Fedora 16 Update: libxml2-2.7.8-8.fc16
This library allows manipulating XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...