566 matches found

FreeBSD
added 2020/04/02 12:0 a.m., 31 views

mediawiki -- multiple vulnerabilities

MediaWiki reports: T285159, CVE-2023-PENDING SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses. T326946, CVE-2020-36649 SECURITY: Bundled PapaParse copy in VisualEditor has known ReDoS. T330086, CVE-2023-PENDING SECURITY: OATHAuth allows replay attacks when MediaWiki...

CVSS 7.5, AI score 7.5, EPSS 0.01388
Exploits: 1, References: 1

OSV
added 2020/03/04 5:15 p.m., 3 views

CVE-2020-9761

An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...

CVSS 9.8, AI score 7.4, EPSS 0.02136
Exploits: 0, References: 2

Veeam
added 2020/03/02 12:0 a.m., 39 views

List of Security Fixes and Improvements in Veeam Agent for Linux

Purpose: This article describes all security-related fixes and improvements introduced in each release or update of Veeam Agent for Linux. The goal of this article is to provide our customers' security and compliance teams with the detailed information on security improvements between releases, in...

CVSS 7.8, AI score 7, EPSS 0.00187
Exploits: 0, Affected Software: 1

CNVD
added 2019/12/09 12:0 a.m., 1 view

SROS 2 Information Disclosure Vulnerability (CNVD-2020-03189)

SROS 2 is a tool for generating and distributing SROS keys. SROS 2 suffers from an information disclosure vulnerability that stems from an insecure default configuration of the program. An attacker can exploit the vulnerability to disclose node information...

CVSS 7.5, AI score 6.3, EPSS 0.01502
Exploits: 1, References: 1

Prion
added 2019/11/13 6:15 p.m., 18 views

Design/Logic Flaw

In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for...

CVSS 2.1, AI score 5.2, EPSS 0.00158
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/11/13 5:34 p.m., 21 views

CVE-2019-2197

In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for...

AI score 5.2, EPSS 0.00158
Exploits: 0, References: 1

UbuntuCve
added 2019/11/04 10:15 p.m., 24 views

CVE-2010-3663

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend...

CVSS 8.8, AI score 6.6, EPSS 0.02395
Exploits: 0, References: 1

Prion
added 2019/11/04 10:15 p.m., 16 views

Design/Logic Flaw

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend...

CVSS 6.5, AI score 8.3, EPSS 0.02395
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2019/10/29 7:36 p.m., 66 views

CVE-2018-18931

CVE-2018-18931 affects Tightrope Media Carousel (v7.0.4.104). The issue arises from insecure default permissions on C:\TRMS\Services, enabling an attacker with system access to replace Carousel.Service.exe with a malicious executable. This independent service can be manipulated without affecting ...

CVSS 9, AI score 8.8, EPSS 0.01631
Exploits: 1, References: 1, Affected Software: 1

Snyk
added 2019/10/18 12:15 p.m., 4 views

Insecure Default

Overview: github.com/goharbor/harbor/src/core/api is a cloud native registry project that stores, signs, and scans content. Affected versions of this package are vulnerable to Insecure Default. Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to...

CVSS 7.5, AI score 6.8, EPSS 0.01711
Exploits: 0, References: 2

OSV
added 2019/08/20 8:15 p.m., 3 views

CVE-2019-2120

In OatFileAssistant::GenerateOatFile of oatfileassistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8, AI score 7.2, EPSS 0.00173
Exploits: 0, References: 1

OSV
added 2019/06/05 8:48 p.m., 14 views

GHSA-83RX-C8CR-6J8Q Insecure Default Configuration in tesseract.js

Versions of tesseract.js prior to 1.0.19 default to using a third-party proxy. Requests may be proxied through crossorigin.me, which clearly states it is not suitable for production use. This may lead to instability and privacy violations. Recommendation: Upgrade to version 1.0.19 or later...

CVSS 5.9, AI score 7.1
Exploits: 0, References: 4

Node.js
added 2019/05/03 6:45 p.m., 18 views

Insecure Default Configuration

Overview: Versions of graphql-code-generator prior to 0.18.2 have an Insecure Default Configuration. The package sets NODE_TLS_REJECT_UNAUTHORIZED to 0, disabling certificate verification for the entire project. This results in Insecure Communication for the process. Recommendation: Upgrade to versio...

AI score 6.8
Exploits: 0, Affected Software: 1

OSV
added 2019/04/19 8:29 p.m., 2 views

CVE-2019-2041

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.3, AI score 7.2, EPSS 0.00188
Exploits: 0, References: 1

Prion
added 2019/04/19 8:29 p.m., 12 views

Design/Logic Flaw

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 6.9, AI score 7.2, EPSS 0.00188
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/04/19 7:46 p.m., 17 views

CVE-2019-2041

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

AI score 7.4, EPSS 0.00188
Exploits: 0, References: 1

OSV
added 2019/02/28 5:29 p.m., 1 view

CVE-2019-1994

In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 8.8, AI score 7.4
Exploits: 0, References: 2

NVD
added 2019/02/28 5:29 p.m., 19 views

CVE-2019-1994

In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 9.3, AI score 8.3, EPSS 0.01007
Exploits: 0, References: 2

Prion
added 2019/02/28 5:29 p.m., 19 views

Design/Logic Flaw

In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 9.3, AI score 8.1, EPSS 0.01007
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/02/28 5:0 p.m., 23 views

CVE-2019-1994

In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation...

AI score 8.3, EPSS 0.01007
Exploits: 0, References: 2