CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4222 matches found

IBM Security Bulletins•added 2021/04/05 7:17 a.m.•24 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An...

5.8CVSS3AI score0.00246EPSS

Exploits0Affected Software1

BDU FSTEC•added 2021/03/30 12:0 a.m.•2 views

The vulnerability of the wp-includes/Requests/Utility/FilteredIterator.php component of the WordPress content management system, related to the restoration of unreliable data structures in memory, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the wp-includes/Requests/Utility/FilteredIterator.php component of the WordPress content management system is related to incorrect handling of serialization requests. Exploiting this vulnerability can allow a malicious actor to access sensitive data, compromise its integrity,...

9.8CVSS7.7AI score0.27967EPSS

Exploits1References8Affected Software3

WPVulnDB•added 2021/03/26 12:0 a.m.•16 views

AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage

In the plugin, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize$SERVER, which contains all environment variables. The leakage occurs on all public facing pages containing the accessallyorderform shortcode, no login o...

5CVSS1.4AI score0.25403EPSS

Exploits2Affected Software1

RedhatCVE•added 2021/03/24 4:31 p.m.•37 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS3.7AI score0.00256EPSS

Exploits0References3

OSV•added 2021/03/23 12:15 a.m.•27 views

CVE-2021-21348

7.5CVSS7.5AI score0.00256EPSS

Exploits0References15

NVD•added 2021/03/23 12:15 a.m.•20 views

CVE-2021-21348

7.8CVSS0.00256EPSS

Exploits0References15

OSV•added 2021/03/23 12:15 a.m.•24 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS9.4AI score0.92EPSS

Exploits1References15

OSV•added 2021/03/23 12:15 a.m.•17 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS8.5AI score0.06747EPSS

Exploits1References15

OSV•added 2021/03/23 12:15 a.m.•24 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS9.1AI score0.00869EPSS

Exploits1References15

ATTACKERKB•added 2021/03/23 12:15 a.m.•1 views

CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS6.2AI score0.03287EPSS

Exploits1References21Affected Software1

Prion•added 2021/03/23 12:15 a.m.•22 views

Design/Logic Flaw

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

6.5CVSS9.4AI score0.88091EPSS

Exploits1References16Affected Software13

Prion•added 2021/03/23 12:15 a.m.•23 views

Arbitrary file deletion

5CVSS8.2AI score0.00623EPSS

Exploits1References15Affected Software12

UbuntuCve•added 2021/03/23 12:15 a.m.•29 views

CVE-2021-21342

9.1CVSS6.9AI score0.00869EPSS

Exploits1References7

Prion•added 2021/03/23 12:15 a.m.•16 views

Default configuration

7.8CVSS8.3AI score0.00256EPSS

Exploits0References15Affected Software13

Prion•added 2021/03/23 12:15 a.m.•15 views

Design/Logic Flaw

6.5CVSS9.5AI score0.92EPSS

Exploits1References15Affected Software13

ATTACKERKB•added 2021/03/23 12:15 a.m.•1 views

CVE-2021-21348

7.8CVSS5.7AI score0.00256EPSS

Exploits0References21Affected Software1

UbuntuCve•added 2021/03/23 12:15 a.m.•31 views

CVE-2021-21351

9.1CVSS7AI score0.92EPSS

Exploits1References7

UbuntuCve•added 2021/03/23 12:15 a.m.•31 views

CVE-2021-21343

7.5CVSS6.9AI score0.00623EPSS

Exploits1References7

CVE•added 2021/03/22 11:45 p.m.•383 views

CVE-2021-21348

XStream (Java) before version 1.4.16 is vulnerable to a denial of service where a remote attacker can cause a thread to consume maximum CPU time and not return. Public documents consistently describe the issue as affecting XStream’s XML deserialization, with mitigation requiring upgrading to at l...

7.8CVSS7.2AI score0.00256EPSS

Exploits0References15Affected Software1

Debian CVE•added 2021/03/22 11:45 p.m.•20 views

CVE-2021-21348

7.8CVSS7.7AI score0.00256EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by