
642 matches found

IBM Security Bulletins
added 2018/06/16 2:19 p.m., 50 views

Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench

Summary: A Struts vulnerability affects IBM InfoSphere Metadata Workbench. Vulnerability Details: CVEID: CVE-2017-15707. DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted JSON request using outdated json-lib with the Struts REST plugin, a remote attacker...

CVSS: 6.2 | AI score: 1.9 | EPSS: 0.04889
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:50 p.m., 35 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2015-4872, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Initiate Master Data Service. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH”. Vulnerabilit...

CVSS: 5.9 | AI score: 1.7 | EPSS: 0.05453
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:37 p.m., 22 views

Security Bulletin: Vulnerability in Apache Commons affects IBM InfoSphere Information Server (CVE-2015-7450)

Summary: An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM InfoSphere Information Server. Information about this security vulnerability has been published in a WebSphere Application Server security bulletin. Vulnerability Details: CVEID:...

CVSS: 10 | AI score: 0.7 | EPSS: 0.97655
Exploits: 10 | Affected Software: 1

NVD
added 2018/02/27 3:29 p.m., 17 views

CVE-2017-17478

An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code up to 64 characters into a text field in Designer Studio, after establishing context. Designer Studio is the...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00512
Exploits: 0 | References: 1

OSV
added 2018/02/05 3:29 a.m., 2 views

CVE-2017-15536

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00936
Exploits: 0 | References: 1

Prion
added 2018/02/05 3:29 a.m., 17 views

Design/Logic Flaw

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...

CVSS: 6.5 | AI score: 8.9 | EPSS: 0.00936
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/02/05 3:29 a.m., 19 views

CVE-2017-15536

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...

CVSS: 8.8 | AI score: 9 | EPSS: 0.00936
Exploits: 0 | References: 1

CVE
added 2018/02/05 3:0 a.m., 48 views

CVE-2017-15536

CVE-2017-15536 affects Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. The CDSW web application contains multiple vulnerabilities that allow malicious authenticated users to escalate privileges within CDSW. By chaining these weaknesses, an attacker can achieve root access to CDSW nodes, ...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00936
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/02/05 3:0 a.m., 15 views

CVE-2017-15536

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...

AI score: 9 | EPSS: 0.00936
Exploits: 0 | References: 1

CNVD
added 2018/02/05 12:0 a.m., 1 views

Micro Focus Fortify Audit Workbench and Fortify Software Security Center XML External Entity Injection Vulnerability

Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC) are both products of Micro Focus, a British company. Micro Focus Fortify Audit Workbench (AWB) is a software security auditing platform and Micro Focus Fortify Software Security Center (SSC) is a software...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.01216
Exploits: 0 | References: 1

CNVD
added 2018/02/05 12:0 a.m., 3 views

Cloudera Data Science Workbench Elevation of Privilege Vulnerability

Cloudera Data Science Workbench (CDSW) is a suite of data science platforms from US-based Cloudera. The platform provides fast, easy and secure self-service data science support for organizations. A security vulnerability exists in CDSW 1.x prior to version 1.2.0. The vulnerability can be exploited...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00936
Exploits: 0 | References: 1

OSV
added 2018/02/02 2:29 p.m., 2 views

CVE-2018-6486

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.01216
Exploits: 0 | References: 2

NVD
added 2018/02/02 2:29 p.m., 14 views

CVE-2018-6486

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.01216
Exploits: 0 | References: 2

Prion
added 2018/02/02 2:29 p.m., 12 views

XXE

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.01216
Exploits: 0 | References: 2 | Affected Software: 2

CNVD
added 2017/12/21 12:0 a.m., 2 views

JBPM KIE Workbench Cross-Site Scripting Vulnerability

JBPM KIE Workbench is a scalable open source executable process language framework based on the ASL (Apache License Version 2.0) and EULA (JBoss End User License Agreement) agreements. A cross-site scripting vulnerability exists in version 6.0.x of JBPM KIE Workbench. A remote attacker can exploit this...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.01056
Exploits: 0 | References: 1

Prion
added 2017/12/19 7:29 p.m., 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.01056
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2017/12/19 7:29 p.m., 16 views

CVE-2013-6465

Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.01056
Exploits: 0 | References: 3

Cvelist
added 2017/12/19 7:0 p.m., 15 views

CVE-2013-6465

Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...

AI score: 5.2 | EPSS: 0.01056
Exploits: 0 | References: 3

CVE
added 2017/12/19 7:0 p.m., 44 views

CVE-2013-6465

CVE-2013-6465: Multiple cross-site scripting (XSS) vulnerabilities exist in JBPM KIE Workbench 6.0.x. The issues allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name inputs. Sources in connected documents (NVD/CNVD/PRION/CVE entries) consistent...

CVSS: 5.4 | AI score: 5 | EPSS: 0.01056
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2017/09/07 12:0 a.m., 1 views

svn-workbench Command Execution Vulnerability

svn-workbench is an svn version control system visualization tool. A security vulnerability exists in svn-workbench 1.6.2 and previous versions. The vulnerability can be exploited to execute arbitrary code via the 'Command Shell' menu item...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.03311
Exploits: 1 | References: 1