813 matches found

OSV
added 2023/03/28 1:15 p.m. · 0 views

CVE-2022-3684

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

7.5 CVSS · 5.8 AI score · 0.00389 EPSS
Exploits 0 · References 1

Prion
added 2023/03/28 1:15 p.m. · 12 views

Hardcoded credentials

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

6.4 CVSS · 9 AI score · 0.00261 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/03/28 12:49 p.m. · 15 views

CVE-2022-3684 SDM600 endpoint vulnerability

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

7.5 CVSS · 7.6 AI score · 0.00389 EPSS
Exploits 0 · References 1

CNNVD
added 2023/03/28 12:00 a.m. · 3 views

SDM600 security vulnerability

ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291, which stems from a problem in the endpoint that can be exploited by an attacker to cause an application to become unresponsive by running multiple parallel requests...

7.5 CVSS · 7.3 AI score · 0.00389 EPSS
Exploits 0 · References 4

CNNVD
added 2023/03/28 12:00 a.m. · 4 views

SDM600 security vulnerability

ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291. An attacker exploiting this vulnerability could cause an application to be unresponsive by running multiple parallel requests...

9.1 CVSS · 8.3 AI score · 0.00261 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/03/28 12:00 a.m. · 2 views

PT-2023-2146 · Hitachi Energy · Sdm600

Name of the Vulnerable Software and Affected Versions: Hitachi Energy System Data Manager SDM600 versions prior to 1.2 FP3 HF4 Build Nr. 1.2.23000.291
Description: A vulnerability exists in the SDM600 endpoint, where an attacker could exploit this issue by running multiple parallel requests,...

9.4 CVSS · 9.1 AI score · 0.00261 EPSS
Exploits 0 · References 6

Snyk
added 2023/03/26 8:31 a.m. · 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when running with XLA, tf.raw_ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. PoC: import tensorflow as tf func = tf.raw_ops.ParallelConcat...

7.5 CVSS · 7 AI score · 0.0024 EPSS
Exploits 0 · References 2

Snyk
added 2023/03/14 8:19 a.m. · 1 views

Malicious Package

Overview: parallel-workers is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Tenable Nessus
added 2023/03/05 12:00 a.m. · 56 views

FreeBSD : curl -- multiple vulnerabilities (be233fc6-bae7-11ed-a4fb-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the be233fc6-bae7-11ed-a4fb-080027f5fec9 advisory. - A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that...

9.1 CVSS · 6.5 AI score · 0.00111 EPSS
Exploits 2 · References 5

OSV
added 2023/02/28 11:15 p.m. · 1 views

CVE-2022-47076

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx...

7.5 CVSS · 5.8 AI score · 0.92051 EPSS
Exploits 5 · References 4

Ubuntu
added 2023/02/27 12:34 p.m. · 145 views

USN-5891-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2023-23914 Harry Sintonen...

9.1 CVSS · 6.5 AI score · 0.00111 EPSS
Exploits 2

OSV
added 2023/02/27 12:34 p.m. · 0 views

USN-5891-1 curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2023-23914 Harry Sintonen...

9.1 CVSS · 6.7 AI score · 0.00111 EPSS
Exploits 2 · References 4

Microsoft CVE
added 2023/02/24 8:00 a.m. · 2 views

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recently completed transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.

...

6.5 CVSS · 6.3 AI score · 0.00039 EPSS
Exploits 0

OSV
added 2023/02/23 8:15 p.m. · 38 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS · 7.5 AI score · 0.00039 EPSS
Exploits 0 · References 3

OSV
added 2023/02/23 8:15 p.m. · 1 views

DEBIAN-CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS · 6.2 AI score · 0.00039 EPSS
Exploits 0 · References 1

OSV
added 2023/02/23 8:15 p.m. · 1 views

AZL-13660 CVE-2023-23915 affecting package rust for versions less than 1.72.0-2

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS · 6.6 AI score · 0.00039 EPSS
Exploits 0 · References 1

OSV
added 2023/02/23 8:15 p.m. · 2 views

AZL-13655 CVE-2023-23915 affecting package mysql for versions less than 8.0.33-1

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS · 6.6 AI score · 0.00039 EPSS
Exploits 0 · References 1

OSV
added 2023/02/23 8:15 p.m. · 3 views

AZL-13652 CVE-2023-23915 affecting package curl for versions less than 7.88.1-1

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS · 6.6 AI score · 0.00039 EPSS
Exploits 0 · References 1

OSV
added 2023/02/23 8:15 p.m. · 2 views

AZL-13649 CVE-2023-23915 affecting package cmake for versions less than 3.21.4-5

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS · 6.6 AI score · 0.00039 EPSS
Exploits 0 · References 1

NVD
added 2023/02/23 8:15 p.m. · 20 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS · 7.5 AI score · 0.00039 EPSS
Exploits 0 · References 3