Race condition
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions, DIGSI 5 engineering software All versions V7.90, SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,...
CVE-2019-10931
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions, DIGSI 5 engineering software All versions V7.90, SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,...
CVE-2019-10930
Siemens CVE-2019-10930 affects SIPROTEC 5 (CPU CP300/CP100 and CP200 variants) and related DIGSI 5 modules. A remote attacker could exploit via specially crafted packets to Port 443/TCP to upload, download or delete files in parts of the file system. Affected devices include a range of SIPROTEC ...
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
Code injection
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
Latest FinSpy Modules Lift Data from Secure Messaging Apps
The latest iOS and Android versions of the FinSpy espionage malware have been deployed in the wild, and are capable of collecting a raft of personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data – even from...
Agent Smith Malware Infects 25M Android Phones to Push Rogue Ads
Researchers are warning of a new breed of Android malware, dubbed “Agent Smith,” that they claim has infected 25 million handsets in order to replace legitimate apps with doppelgangers that display rogue ads. The malware is tied to a China-based firm, according to Check Point researchers, and is...
Moderate: Red Hat Security Advisory: ansible security and bug fix update
An update for ansible is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: ansible security and bug fix update
An update for ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2019-1932 Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability
A vulnerability in Cisco Advanced Malware Protection AMP for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit thi...
DEBIAN-CVE-2019-13107
Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvarstruct.c...
[SECURITY] Fedora 29 Update: drupal7-uuid-1.3-1.fc29
This module provides an API for adding universally unique identifiers UUID to Drupal objects, most notably entities. This package provides the following Drupal modules: uuid uuidpath uuidservices uuidservicesexample...
[SECURITY] Fedora 30 Update: drupal7-uuid-1.3-1.fc30
This module provides an API for adding universally unique identifiers UUID to Drupal objects, most notably entities. This package provides the following Drupal modules: uuid uuidpath uuidservices uuidservicesexample...
Node.js third-party modules: Command Injection due to lack of sanitisation of tar.gz filename passed as an argument to pm2.install() function
Hi Guys, It's been a while : I would like to report Command Injection in pm2.import function when tar.gz archive is installed with a name provided as user controlled input. Due to lack of proper validation of tar.gz archive filename, this vulnerability allows to inject arbitrary commands and...
Node.js third-party modules: Application level denial of service due to shutting down the server
Module module name: http-live-simulator version: 1.0.7 npm page: https://www.npmjs.com/package/http-live-simulator Description I've found a way to crash the server due to the way it parses URL Steps To Reproduce: 1- Install the module : npm install -g http-live-simulator 2- Run the server :...
CVE-2018-15891
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name...
[SECURITY] Fedora 30 Update: ansible-2.8.1-1.fc30
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
[SECURITY] Fedora 29 Update: ansible-2.8.1-1.fc29
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...