CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

907 matches found

IBM Security Bulletins•added 2023/10/06 8:4 a.m.•44 views

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to jna-platform, ant, httpclient, http-cache-semantics

Summary Vulnerabilities in jna-platform, ant, httpclient, http-cache-semantics such as remote attacker to obtain sensitive information, denial of service, remote attacker to bypass security restrictions may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node....

7.5CVSS7.4AI score0.01834EPSS

Exploits4Affected Software1

IBM Security Bulletins•added 2023/10/04 10:31 a.m.•54 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service

Summary IBM Jazz Reporting Service is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker t...

5.3CVSS6.2AI score0.00505EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2023/10/04 8:17 a.m.•42 views

Security Bulletin: Multiple Vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons affect IBM Engineering Lifecycle Optimization - Publishing

Summary There are multiple vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons libraries. This has been addressed. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection...

5.3CVSS6.6AI score0.01199EPSS

Exploits1Affected Software1

0day.today•added 2023/09/21 12:0 a.m.•506 views

TOTOLINK Wireless Routers Remote Command Execution Exploit

Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under...

9.8CVSS8.2AI score0.92398EPSS

Exploits4

0day.today•added 2023/09/11 12:0 a.m.•301 views

LG Simple Editor Remote Code Execution Exploit

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious...

9.8CVSS7.7AI score0.89119EPSS

Exploits3

Metasploit•added 2023/09/08 7:52 p.m.•285 views

LG Simple Editor Remote Code Execution

9.8CVSS8.6AI score0.89119EPSS

Exploits3

IBM Security Bulletins•added 2023/09/07 3:8 p.m.•18 views

Security Bulletin: There is a vulnerability in Apache Commons HttpClient used by IBM Maximo Asset Management (CVE-2012-5783)

Summary There is a vulnerability in Apache Commons HttpClient used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote attacker ...

5.8CVSS6.7AI score0.00616EPSS

Exploits0Affected Software11

Metasploit•added 2023/08/15 7:50 p.m.•243 views

RaspAP Unauthenticated Command Injection

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

9.8CVSS9AI score0.93057EPSS

Exploits3

Metasploit•added 2023/07/31 7:52 p.m.•427 views

Rudder Server SQLI Remote Code Execution

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform CDP. The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

8.8CVSS8.8AI score0.89577EPSS

Exploits4

IBM Security Bulletins•added 2023/07/28 7:50 p.m.•32 views

Security Bulletin:IBM TRIRIGA Application Platform discloses Apache HttpClient vulnerability (CVE-2020-13956)

Summary Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security...

5.3CVSS5.8AI score0.00505EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2023/07/21 12:27 p.m.•28 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)

Summary Vulnerability in Apache HttpClient library shipped with IBM Sterling Global Mailbox has been addressed. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed...

5.3CVSS5.7AI score0.00505EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2023/07/18 7:15 a.m.•26 views

Security Bulletin: Vulnerabilities in httpclient library affects IBM Engineering Test Management (ETM) (CVE-2020-13956)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the imprope...

5.3CVSS5.8AI score0.00505EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2023/07/12 10:38 a.m.•48 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

9.8CVSS8.7AI score0.07423EPSS

Exploits9Affected Software1

IBM Security Bulletins•added 2023/07/12 10:11 a.m.•46 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

9.8CVSS8.7AI score0.07423EPSS

Exploits9Affected Software1

RedHat Linux•added 2023/06/29 8:7 p.m.•42 views

Critical: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update from 7.11 to 7.12 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

9.8CVSS7.2AI score0.56284EPSS

Exploits17References32

RedHat Linux•added 2023/06/29 8:7 p.m.•2 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.4AI score0.00616EPSS

Exploits0References4

RedHat Linux•added 2023/06/29 8:7 p.m.•11 views

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3CVSS7.2AI score0.00505EPSS

Exploits1References5

IBM Security Bulletins•added 2023/06/28 10:4 p.m.•25 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2012-5783).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere...

5.8CVSS7.1AI score0.00616EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2023/06/28 10:4 p.m.•20 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2012-5783).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere...

5.8CVSS7.1AI score0.00616EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2023/06/14 3:55 p.m.•21 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent

Summary APM Linux KVM Agent is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: Apache HttpComponents could allow a remote attacker to...

5.8CVSS6.2AI score0.01368EPSS

Exploits2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by