CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ThreatPost•added 2019/02/13 3:20 p.m.•142 views

Flaw in snapd Allows Root Access to Linux Servers

A local privilege-escalation vulnerability in Canonical’s snapd package has been uncovered, which would allow any user to obtain administrator privileges and immediate root access to affected Linux system servers. Snapd is used by Linux users to download and install apps in the .snap file format...

10CVSS0.8AI score0.84555EPSS

Exploits10References6

NVD•added 2019/02/07 9:29 p.m.•17 views

CVE-2019-1679

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server VCS Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...

5CVSS5.3AI score0.00077EPSS

Exploits0References2

Prion•added 2019/02/07 9:29 p.m.•18 views

Server side request forgery (ssrf)

4CVSS5.2AI score0.00077EPSS

Exploits0References2Affected Software2

Vulnrichment•added 2019/02/07 9:0 p.m.•6 views

CVE-2019-1679 Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability

5CVSS7AI score0.00077EPSS

Exploits0References2

Cvelist•added 2019/02/07 9:0 p.m.•14 views

CVE-2019-1679 Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability

5CVSS5.3AI score0.00077EPSS

Exploits0References2

Cisco•added 2019/02/06 4:0 p.m.•124 views

Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability

5CVSS1.3AI score0.00077EPSS

Exploits0References1

Packet Storm•added 2019/02/06 12:0 a.m.•111 views

OpenMRS Platform Insecure Object Deserialization

Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N JAVA 8 ENVIRONMENT By injecting an XML payload ...

9.6AI score0.93328EPSS

exploitpack•added 2019/02/05 12:0 a.m.•38 views

OpenMRS Platform 2.24.0 - Insecure Object Deserialization

OpenMRS Platform 2.24.0 - Insecure Object Deserialization Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector:...

10CVSS9.6AI score0.93328EPSS

0day.today•added 2019/02/05 12:0 a.m.•37 views

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization Vulnerability

Exploit for java platform in category web applications Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector:...

0.3AI score0.93328EPSS

NVD•added 2019/01/29 4:29 p.m.•17 views

CVE-2018-1976

IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031...

4.9CVSS4.7AI score0.00235EPSS

Prion•added 2019/01/29 4:29 p.m.•14 views

Information disclosure

4CVSS4.6AI score0.00235EPSS

OSV•added 2019/01/29 4:29 p.m.•1 views

CVE-2018-1976

4.9CVSS5.8AI score

Cvelist•added 2019/01/29 4:0 p.m.•16 views

CVE-2018-1976

4.9CVSS4.7AI score0.00235EPSS

CVE•added 2019/01/29 4:0 p.m.•45 views

CVE-2018-1976

IBM. API Connect 5.0.0.0–5.0.8.4 is affected by a REST API–driven information disclosure that could allow a user with administrative privileges to obtain highly sensitive data. The root cause is described as a sensitive information disclosure via a REST API. The issue is addressed in IBM API Conn...

4.9CVSS4.6AI score0.00235EPSS

IBM Security Bulletins•added 2019/01/24 8:20 p.m.•14 views

Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1976 DESCRIPTION: IBM API Connect V5 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive informatio...

4.9CVSS2.1AI score0.00235EPSS

Exploits0Affected Software1

NVD•added 2019/01/15 8:29 p.m.•18 views

CVE-2017-6924

In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services rest module enabled, the...

7.4CVSS7.3AI score0.00464EPSS

Prion•added 2019/01/15 8:29 p.m.•15 views

Code injection

5.8CVSS7.7AI score0.00464EPSS

OSV•added 2019/01/15 8:29 p.m.•17 views

CVE-2017-6924

7.4CVSS6.4AI score

CVE•added 2019/01/15 8:0 p.m.•124 views

CVE-2017-6924

Drupal 8.x before 8.3.7 is affected by CVE-2017-6924 where REST API access can allow users to post approved comments without proper permission if REST module and comment resource are enabled and an attacker can access a user account or anonymous comments. The root cause is a flaw in the REST API ...

7.4CVSS8.3AI score0.00464EPSS