7807 matches found

NVD
added 2019/11/06 12:15 a.m., 18 views

CVE-2019-8134

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables...

CVSS 8.8, AI score 9, EPSS 0.01002
Exploits: 0, References: 1

CNVD
added 2019/10/30 12:0 a.m., 2 views

OpenAFS Information Disclosure Vulnerability (CNVD-2019-43376)

OpenAFS is an open source distributed file system that allows systems to share files and resources over local and wide area networks. OpenAFS is vulnerable to an information disclosure vulnerability under certain error conditions. The vulnerability arises from uninitialized RPC...

CVSS 5.9, AI score 6, EPSS 0.01207
Exploits: 0, References: 1

BDU FSTEC
added 2019/10/16 12:0 a.m., 4 views

The vulnerability of the libavformat library in the FFmpeg multimedia environment allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the libavformat library in the FFmpeg multimedia environment is related to the lack of checking the return value of the sscanf function. This can lead to the use of uninitialized variables. Exploiting this vulnerability could allow a malicious actor to compromise data...

CVSS 10, AI score 5.5, EPSS 0.03032
Exploits: 0, References: 6, Affected Software: 7

Kitploit
added 2019/10/13 8:30 p.m., 134 views

uniFuzzer - A Fuzzing Tool For Closed-Source Binaries Based On Unicorn And LibFuzzer

uniFuzzer is a fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer. Currently it supports fuzzing 32-bit LSB ELF files on ARM/MIPS, which are usually seen in IoT devices. [Chinese introduction] Features: very little hack and easy to build; can target any specified function or code snippet...

AI score 7.5
Exploits: 0, References: 4

NVD
added 2019/10/10 5:15 p.m., 21 views

CVE-2015-9466

The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable...

CVSS 9.8, AI score 10, EPSS 0.0239
Exploits: 1, References: 3

Cvelist
added 2019/10/10 4:3 p.m., 25 views

CVE-2015-9466

The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable...

AI score 10, EPSS 0.0239
Exploits: 1, References: 3

FreeBSD
added 2019/10/01 12:0 a.m., 29 views

ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

Upstream ksh93 maintainer Siteshwar Vashisht reports: A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated...

CVSS 7.8, AI score 3.8, EPSS 0.01385
Exploits: 0, References: 3

OSV
added 2019/09/25 4:15 p.m., 4 views

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

CVSS 6.5, AI score 6.6
Exploits: 0, References: 2

NVD
added 2019/09/25 4:15 p.m., 27 views

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

CVSS 6.5, AI score 6.4, EPSS 0.01186
Exploits: 0, References: 2

Prion
added 2019/09/25 4:15 p.m., 24 views

Code injection

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

CVSS 4, AI score 6.4, EPSS 0.01186
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/09/25 3:5 p.m., 24 views

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

AI score 6.4, EPSS 0.01186
Exploits: 0, References: 2

CVE
added 2019/09/25 3:5 p.m., 51 views

CVE-2019-10407

CVE-2019-10407 affects Jenkins Project Inheritance Plugin (versions 2.0.0 and earlier; also referenced as 19.08.02 and earlier in extended advisories). The vulnerability stems from the plugin displaying a list of environment variables passed to a build without masking sensitive variables contribu...

CVSS 6.5, AI score 6.3, EPSS 0.01186
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2019/09/25 12:0 a.m., 4 views

PT-2019-11801 · Jenkins · Jenkins Project Inheritance Plugin +2

Name of the Vulnerable Software and Affected Versions:
Jenkins Project Inheritance Plugin versions 2.0.0 and earlier
Jenkins Project Inheritance Plugin versions 19.08.02 and earlier

Description: The issue concerns the display of environment variables passed to a build without properly masking...

CVSS 6.5, AI score 6.2, EPSS 0.01186
Exploits: 0, References: 4

OSV
added 2019/09/12 2:15 p.m., 4 views

CVE-2019-10395

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

CVSS 5.4, AI score 6
Exploits: 0, References: 2

OSV
added 2019/09/11 11:7 p.m., 8 views

GHSA-2XWV-3CC9-FP7C Sensitive Data Exposure in seneca

Versions of seneca prior to 3.9.0 are vulnerable to Sensitive Data Exposure. When a process using the package crashes all environment variables are printed. This may leak sensitive data such as access keys, especially given scenarios when log-monitoring systems store the error output...

CVSS 5.3, AI score 5.1, EPSS 0.01181
Exploits: 1, References: 4

NVD
added 2019/09/09 5:15 p.m., 21 views

CVE-2019-5483

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

CVSS 5.3, AI score 5.1, EPSS 0.01181
Exploits: 1, References: 1

OSV
added 2019/09/09 5:15 p.m., 11 views

CVE-2019-5483

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

CVSS 5.3, AI score 6.5
Exploits: 0, References: 1

Prion
added 2019/09/09 5:15 p.m., 13 views

Design/Logic Flaw

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

CVSS 5, AI score 5, EPSS 0.01181
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2019/09/09 4:53 p.m., 68 views

CVE-2019-5483

CVE-2019-5483 affects Seneca prior to 3.9.0, exposing environment variables when a process crashes. Connected sources (Red Hat, OSV, GHSA, npm advisory, Veracode) confirm Sensitive Data Exposure due to printing environment data in crash logs. Impact is information disclosure of sensitive data suc...

CVSS 5.3, AI score 4.9, EPSS 0.01181
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/09/09 4:53 p.m., 28 views

CVE-2019-5483

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

AI score 5, EPSS 0.01181
Exploits: 1, References: 1