59 matches found

RedhatCVE
added 2025/05/22 5:1 p.m. | 17 views

CVE-2020-26234

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

CVSS 4.8 | AI score 6.6 | EPSS 0.00276
Exploits: 0

CVE
added 2024/04/17 9:43 p.m. | 67 views

CVE-2024-29952

CVE-2024-29952 affects Brocade SANnav prior to v2.3.1 and v2.3.0a. An authenticated user can exploit command-variable manipulation to cause logs to disclose Auth, Priv, and SSL key store passwords in plaintext. The vulnerability has a local attack vector with low attack complexity and no user int...

CVSS 5.5 | AI score 6.6 | EPSS 0.00112
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/04/17 9:43 p.m. | 15 views

CVE-2024-29952 Clear text storage of sensitive information by manipulating command variables

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables...

CVSS 5.5 | AI score 6.8 | EPSS 0.00112
Exploits: 0 | References: 1

Github Security Blog
added 2022/09/30 10:51 p.m. | 29 views

matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

CVSS 8.6 | AI score 7.6 | EPSS 0.00485
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2021/11/01 12:0 a.m. | 29 views

ASB-A-197336441

In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 5 | AI score 5.2 | EPSS 0.00113
Exploits: 0 | References: 2

NVD
added 2020/12/08 11:15 p.m. | 7 views

CVE-2020-26234

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

CVSS 4.8 | AI score 4.8 | EPSS 0.00276
Exploits: 0 | References: 2

OSV
added 2020/12/08 11:15 p.m. | 16 views

CVE-2020-26234

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

CVSS 4.8 | AI score 4.9
Exploits: 0 | References: 2

Github Security Blog
added 2020/12/08 10:37 p.m. | 38 views

Disabled Hostname Verification in Opencast

Opencast before version 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

CVSS 4.8 | AI score 0.2 | EPSS 0.00276
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2020/12/08 10:35 p.m. | 16 views

CVE-2020-26234 Disabled Hostname Verification in OpenCast

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

CVSS 4.8 | AI score 4.8 | EPSS 0.00276
Exploits: 0 | References: 2

RedHat Linux
added 2020/07/29 6:6 a.m. | 5 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifying the...

CVSS 7.5 | AI score 7.3 | EPSS 0.0606
Exploits: 0 | References: 4

OSV
added 2020/06/03 6:15 p.m. | 1 views

CVE-2020-3335

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...

CVSS 5.5 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 1

NVD
added 2020/06/03 6:15 p.m. | 28 views

CVE-2020-3335

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...

CVSS 5.5 | AI score 5.1 | EPSS 0.00279
Exploits: 0 | References: 1

Prion
added 2020/06/03 6:15 p.m. | 11 views

Authorization

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...

CVSS 2.1 | AI score 5.1 | EPSS 0.00279
Exploits: 0 | References: 1 | Affected Software: 2

Vulnrichment
added 2020/06/03 5:56 p.m. | 1 views

CVE-2020-3335 Cisco Application Services Engine Software Authorization Vulnerability

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...

CVSS 5.5 | AI score 5.5 | EPSS 0.00279
Exploits: 0 | References: 1

Cvelist
added 2020/06/03 5:56 p.m. | 18 views

CVE-2020-3335 Cisco Application Services Engine Software Authorization Vulnerability

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...

CVSS 5.5 | AI score 5.1 | EPSS 0.00279
Exploits: 0 | References: 1

OSV
added 2020/05/14 9:15 p.m. | 2 views

CVE-2020-0105

In onKeyguardVisibilityChanged of keystoreservice.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8 | AI score 7.2 | EPSS 0.00138
Exploits: 0 | References: 1

Prion
added 2020/05/14 9:15 p.m. | 12 views

Hardcoded credentials

In onKeyguardVisibilityChanged of keystoreservice.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for...

CVSS 4.6 | AI score 8 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/05/14 8:8 p.m. | 52 views

CVE-2020-0105

CVE-2020-0105 affects Android 9 and 10. It stems from a missing permission check in onKeyguardVisibilityChanged within key_store_service.cpp, enabling local privilege escalation to use keyguard-bound keys when the screen is locked, without extra execution privileges. CVSS data (NVD) shows LOCAL a...

CVSS 7.8 | AI score 7.5 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2019/07/08 6:15 p.m. | 1 views

CVE-2019-2119

In multiple functions of keystoreservice.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

CVSS 5.5 | AI score 5.9 | EPSS 0.00115
Exploits: 0 | References: 1

NVD
added 2019/07/08 6:15 p.m. | 16 views

CVE-2019-2119

In multiple functions of keystoreservice.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

CVSS 5.5 | AI score 5 | EPSS 0.00115
Exploits: 0 | References: 1