1390 matches found
PT-2022-14796 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 7.0NG.761 and below. Description: The issue concerns a stored cross-site scripting vulnerability in the agent creation section, specifically affecting the alias parameter. This can be exploited by an attacker with...
Artica Pandora FMS Cross-Site Scripting Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS v7.0NG.761 and earlier versions, which stems from the alias paramete...
DEBIAN-CVE-2022-23825
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure...
CVE-2022-20230
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
PT-2022-14455 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L. Description: The issue is related to improper input validation in the choosePrivateKeyAlias function of KeyChain.java, which could lead to local information disclosure. User interaction is...
CVE-2022-2059
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to stored cross-site scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in to the system...
PT-2022-4763 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to improper input validation in the kbase_mem_alias function of mali_kbase_mem_linux.c, which could lead to arbitrary code execution and local escalation of privilege without requiring addition...
Dolibarr stored Cross-Site Scripting (XSS) vulnerability
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...
GSD-2022-1002519 Information Leakage in Analytics version current as of 2022-05-19
In the Google Analytics admin web interface, current as of 2022-05-19, an information leakage exists in the Account Access Management and Property Access Management that can be used, resulting in an attacker determining if a Google-hosted email address is in fact a Google account or a google group...
ViMbAdmin Cross-site Scripting Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/; the (4) goto parameter to alias/add/did/; or the (5) captchatext...
GHSA-9PF8-QQHM-7W64 Improper Input Validation in Datomic
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code...
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022...
Mozilla: Incorrect AliasSet used in JIT Codegen
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability, this could have been used for an out-of-bounds memory read...
UBUNTU-CVE-2022-28285
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
‘Spam Nation’ Villain Vrublevsky Charged With Fraud
Pavel Vrublevsky, founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book "Spam Nation," was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money...
GraphQL Cop - Security Auditor Utility For GraphQL APIs
GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. Requirements: Python3, Requests Library. Detections: Alias Overloading (DoS), Batch Queries (DoS), GET based Queries (CSRF), GraphQL Tracing / Debug Modes (Info Leak), Field Duplication (DoS), Field Suggestions (Info Leak), Graphi...