
2495 matches found

SUSE CVE
added 2023/02/15 3:22 a.m., 1 views

SUSE CVE-2023-0054

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145...

CVSS 5.5, AI score 8.5, EPSS 0.00469
Exploits: 1, References: 16
UbuntuCve
added 2023/02/14 8:15 p.m., 61 views

CVE-2023-21722

.NET Framework Denial of Service Vulnerability...

CVSS 5, AI score 6.8, EPSS 0.00917
Exploits: 0, References: 2
Tenable Nessus
added 2023/01/20 12:0 a.m., 25 views

SUSE SLES12 Security Update : postgresql-jdbc (SUSE-SU-2023:0104-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0104-1 advisory. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint,...

CVSS 5.5, AI score 6.3, EPSS 0.00491
Exploits: 1, References: 4
IBM Security Bulletins
added 2022/12/13 1:11 a.m., 74 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to local information disclosure due to Postgresql JDBC (CVE-2022-41946)

Summary: The Postgresql JDBC driver is used by IBM Tivoli Netcool Impact as a part of its data source adapter connectivity. Vulnerability Details: CVEID: CVE-2022-41946 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either...

CVSS 5.5, AI score 5, EPSS 0.00491
Exploits: 1, Affected Software: 1
RedHat Linux
added 2022/11/15 11:38 a.m., 4 views

speex: divide by zero in read_samples() via crafted WAV file

A divide-by-zero flaw was found in speex within the read_samples() function at src/speexenc.c. This flaw allows a malicious user to provide a crafted wav file and crash the speexenc utility, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.5, AI score 5.7, EPSS 0.0094
Exploits: 1, References: 4
RedHat Linux
added 2022/11/15 10:31 a.m., 3 views

sanitize-url: XSS due to improper sanitization in sanitizeUrl function

A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url...

CVSS 6.1, AI score 7.3, EPSS 0.01423
Exploits: 1, References: 6
AlpineLinux
added 2022/11/09 12:0 a.m., 160 views

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability...

CVSS 7.2, AI score 8.1, EPSS 0.04488
Exploits: 0
RedHat Linux
added 2022/10/25 9:7 a.m., 1 views

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

CVSS 6.5, AI score 6.6, EPSS 0.01103
Exploits: 1, References: 6
Wolfi
added 2022/10/19 6:40 p.m., 18 views

GHSA-F4P5-X4VC-MH4V vulnerabilities

Vulnerabilities for packages: kubevela...

AI score 7.5
Exploits: 0
RedHat Linux
added 2022/09/13 6:25 p.m., 3 views

dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

A vulnerability was found in the DPDK package. Affected versions of this package are vulnerable to denial of service (DoS) attacks, affecting system availability...

CVSS 8.6, AI score 7.1, EPSS 0.01812
Exploits: 0, References: 4
UbuntuCve
added 2022/09/13 12:0 a.m., 46 views

CVE-2022-38013

.NET Core and Visual Studio Denial of Service Vulnerability...

CVSS 7.5, AI score 7.1, EPSS 0.02992
Exploits: 0, References: 4
Wolfi
added 2022/09/05 10:15 a.m., 83 views

CVE-2022-38751 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0...

CVSS 6.5, AI score 6.7, EPSS 0.01453
Exploits: 0
UbuntuCve
added 2022/08/10 8:15 p.m., 5 views

CVE-2021-33643

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...

CVSS 9.1, AI score 7.1, EPSS 0.01449
Exploits: 0, References: 3
Debian CVE
added 2022/08/09 12:0 a.m., 8 views

CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1, AI score 7.7, EPSS 0.01127
Exploits: 0
RedHat Linux
added 2022/07/04 7:45 a.m., 5 views

php: Special character breaks path in xml parsing

A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...

CVSS 5.3, AI score 7.3, EPSS 0.25951
Exploits: 1, References: 4
CBLMariner
added 2022/07/01 9:2 p.m., 32 views

CVE-2022-27779 affecting package curl for versions less than 7.83.1-1

CVE-2022-27779 affecting package curl for versions less than 7.83.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.3, AI score 6.6, EPSS 0.02414
Exploits: 1
RedHat Linux
added 2022/06/30 9:4 p.m., 5 views

vim: heap buffer overflow in vim_strncpy

A flaw was found in vim, where it is vulnerable to a heap buffer overflow in the vim_strncpy find_word function. This flaw allows a specially crafted file to crash software, modify memory and possibly perform remote execution when opened in vim...

CVSS 7.8, AI score 7.5, EPSS 0.02276
Exploits: 1, References: 5
CNVD
added 2022/06/20 12:0 a.m., 25 views

SAP Adaptive Server Enterprise Elevation of Privilege Vulnerability

SAP Adaptive Server Enterprise (ASE) is a relational database server from SAP, Germany. An elevation of privilege vulnerability exists in SAP Adaptive Server Enterprise. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An attacker could use the vulnerabili...

CVSS 7.2, AI score 6.4, EPSS 0.0023
Exploits: 0, References: 1
OSV
added 2022/06/14 7:15 p.m., 4 views

CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

CVSS 6.7, AI score 6.7, EPSS 0.0023
Exploits: 0, References: 2
ATTACKERKB
added 2022/06/14 7:15 p.m., 3 views

CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

CVSS 7.2, AI score 5.4, EPSS 0.0023
Exploits: 0, References: 3, Affected Software: 1