CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

371 matches found

NVD•added 2021/04/08 4:15 a.m.•11 views

CVE-2021-1362

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remo...

9CVSS0.02016EPSS

Exploits0References1

OSV•added 2021/04/08 4:15 a.m.•2 views

CVE-2021-1362

8.8CVSS7.6AI score0.02016EPSS

Exploits0References1

Prion•added 2021/04/08 4:15 a.m.•16 views

Input validation

9CVSS8.8AI score0.02016EPSS

Exploits0References1Affected Software4

Cvelist•added 2021/04/08 4:5 a.m.•13 views

CVE-2021-1362 Cisco Unified Communications Products Remote Code Execution Vulnerability

8.8CVSS9AI score0.02016EPSS

Exploits0References1

Vulnrichment•added 2021/04/08 4:5 a.m.•10 views

CVE-2021-1362 Cisco Unified Communications Products Remote Code Execution Vulnerability

8.8CVSS7.7AI score0.02016EPSS

Exploits0References1

Cisco•added 2021/04/07 4:0 p.m.•87 views

Cisco Unified Communications Products Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.02016EPSS

Exploits0References1

NVD•added 2021/02/04 5:15 p.m.•19 views

CVE-2020-27873

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.621.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 8...

6.5CVSS0.00327EPSS

Exploits0References2

Prion•added 2021/02/04 5:15 p.m.•20 views

Design/Logic Flaw

3.3CVSS6.2AI score0.00327EPSS

Exploits0References2Affected Software19

CVE•added 2021/02/04 4:45 p.m.•47 views

CVE-2020-27873

NETGEAR R7450 router (firmware 1.2.0.62_1.0.1) is affected by CVE-2020-27873. The flaw is in the SOAP API endpoint on TCP/80 due to improper access control, enabling network-adjacent attackers to disclose stored credentials and potentially compromise the device. The issue is associated with ZDI-2...

6.5CVSS6.2AI score0.00327EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/02/04 4:45 p.m.•16 views

CVE-2020-27873

6.5CVSS6.2AI score0.00327EPSS

Exploits0References2

Zero Day Initiative•added 2021/01/18 12:0 a.m.•45 views

NETGEAR R7450 SOAP API RecoverAdminPassword Improper Access Control Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default...

6.5CVSS2.6AI score0.00327EPSS

Exploits0References1

Tenable Nessus•added 2021/01/13 12:0 a.m.•32 views

Fedora 33 : sympa (2021-11cb6626e2)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-11cb6626e2 advisory. - Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as...

4.3CVSS6.3AI score0.01039EPSS

Exploits1References2

Tenable Nessus•added 2021/01/13 12:0 a.m.•22 views

Fedora 32 : sympa (2021-a5570c5281)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-a5570c5281 advisory. - Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as...

4.3CVSS6.3AI score0.01039EPSS

Exploits1References2

UbuntuCve•added 2020/12/30 10:15 p.m.•24 views

CVE-2020-28413

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mcprojectgetusers function through the API SOAP...

6.5CVSS6.7AI score0.01737EPSS

Exploits3References3

Cvelist•added 2020/12/30 9:28 p.m.•14 views

CVE-2020-28413

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mcprojectgetusers function through the API SOAP...

5.3CVSS7.3AI score0.01737EPSS

Exploits3References2

OpenVAS•added 2020/12/25 12:0 a.m.•29 views

Debian: Security Advisory (DSA-4818-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6AI score0.02124EPSS

Exploits2References4

Tenable Nessus•added 2020/12/24 12:0 a.m.•43 views

Debian DSA-4818-1 : sympa - security update

Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API. Additionally to mitigate CVE-2020-26880 the sympanewaliases-wrapper is no longer installed setuid root by default....

7.8CVSS6.4AI score0.02124EPSS

Exploits2References12

Debian•added 2020/12/23 9:53 p.m.•54 views

[SECURITY] [DSA 4818-1] sympa security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4818-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2020 https://www.debian.org/security/faq -...

7.8CVSS7.4AI score0.02124EPSS

Exploits2

Debian•added 2020/12/23 9:53 p.m.•26 views

[SECURITY] [DSA 4818-1] sympa security update

7.2CVSS1.2AI score0.02124EPSS

Exploits2

Kitploit•added 2020/12/18 11:30 a.m.•56 views

Go365 - An Office365 User Attack Tool

Go365 is a tool designed to perform user enumeration and password guessing attacks on organizations that use Office365 now/soon Microsoft365. Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the...

7.7AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by