CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4929 matches found

NVD•added 2017/10/05 1:29 a.m.•22 views

CVE-2017-1000106

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

8.5CVSS8.4AI score0.0003EPSS

Exploits0References1

Cvelist•added 2017/10/04 1:0 a.m.•28 views

CVE-2017-1000106

8.5AI score0.0003EPSS

Exploits0References1

CVE•added 2017/10/04 1:0 a.m.•83 views

CVE-2017-1000106

This CVE (CVE-2017-1000106) affects Jenkins Blue Ocean integration for GitHub organization folders. The root cause is that the SCM content REST API did not verify the current user’s authentication/credentials when creating or editing pipelines for repositories within a GitHub organization folder....

8.5CVSS8.4AI score0.0003EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2017/10/02 12:0 a.m.•22 views

Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability

According to its self-reported version, the Cisco IOS XE Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...

10CVSS8.4AI score0.09258EPSS

Exploits0References3

NVD•added 2017/09/29 1:34 a.m.•22 views

CVE-2017-12229

A vulnerability in the REST API of the web-based user interface web UI of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for th...

10CVSS9.8AI score0.09258EPSS

Exploits0References3

Prion•added 2017/09/29 1:34 a.m.•12 views

Authentication flaw

10CVSS9.7AI score0.09258EPSS

Exploits0References3Affected Software1

Cvelist•added 2017/09/28 7:0 a.m.•21 views

CVE-2017-12229

9.8AI score0.09258EPSS

Exploits0References3

CVE•added 2017/09/28 7:0 a.m.•67 views

CVE-2017-12229

The CVE describes an authentication bypass in the REST API of Cisco IOS XE Web UI (versions 3.1–16.5) caused by insufficient input validation. An unauthenticated, remote attacker could bypass REST API authentication and access the web UI if the device has HTTP Server enabled. The issue affects Ci...

10CVSS9.7AI score0.09258EPSS

Exploits0References3Affected Software1

Cisco•added 2017/09/27 4:0 p.m.•30 views

Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability

A vulnerability in the REST API of the web-based user interface web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST A...

10CVSS9.9AI score0.09258EPSS

Exploits0References1

Tenable Nessus•added 2017/09/21 12:0 a.m.•25 views

EMC Data Protection Advisor < 6.4.130 Hardcoded Password Vulnerability

According to its self-reported version number, the EMC Data Protection Advisor running on the remote host is 6.3.x prior to 6.3 patch 67 or 6.4.x prior to 6.4 patch 130. It is, therefore, affected by a default credential vulnerability due to hardcoded passwords with the Apollo System Test,...

9.8CVSS8.4AI score0.01305EPSS

Exploits1References2