Lucene search

8064 matches found

OSV
added 2023/01/30 5:15 p.m. · 14 views

PYSEC-2023-6

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3...

7.5 CVSS · 7.6 AI score · 0.01536 EPSS
Exploits: 0 · References: 1

Debian
added 2023/01/28 12:07 p.m. · 47 views

[SECURITY] [DLA 3285-1] libapache-session-browseable-perl security update

Debian LTS Advisory DLA-3285-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS Package : libapache-session-browseable-perl Version : 1.3.0-1+deb10u1 CVE ID : CVE-2020-36659 In Apache::Session::Browseable before 1.3.6,...

8.1 CVSS · 7.1 AI score · 0.00449 EPSS
Exploits: 1

NVD
added 2023/01/27 5:15 a.m. · 19 views

CVE-2020-36659

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...

8.1 CVSS · 7.7 AI score · 0.00309 EPSS
Exploits: 0 · References: 2

OSV
added 2023/01/27 5:15 a.m. · 24 views

CVE-2020-36659

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...

8.1 CVSS · 7.7 AI score
Exploits: 0 · References: 2

NVD
added 2023/01/27 5:15 a.m. · 20 views

CVE-2020-36658

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...

8.1 CVSS · 7.7 AI score · 0.00189 EPSS
Exploits: 1 · References: 2

OSV
added 2023/01/27 5:15 a.m. · 31 views

CVE-2020-36658

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...

8.1 CVSS · 7.6 AI score
Exploits: 0 · References: 2

Prion
added 2023/01/27 5:15 a.m. · 18 views

Design/Logic Flaw

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...

5.1 CVSS · 7.6 AI score · 0.00449 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2023/01/27 12:00 a.m. · 82 views

CVE-2020-36659

CVE-2020-36659 affects Apache::Session::Browseable (before 1.3.6) where X.509 certificate validation is not enforced by default for remote LDAP backends due to Net::LDAPS default config. This vulnerability is tied to LemonLDAP::NG and its Apache::Session dependencies; Debian and OpenVAS advisorie...

8.1 CVSS · 7.5 AI score · 0.00309 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/01/27 12:00 a.m. · 86 views

CVE-2020-36658

CVE-2020-36658 affects Apache::Session::LDAP prior to 0.5, where validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends because the Net::LDAPS Perl module default is used. This can enable spoofing or exposure of sensitive information if an attacker tri...

8.1 CVSS · 7.5 AI score · 0.00449 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/01/27 12:00 a.m. · 21 views

CVE-2020-36658

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...

7.7 AI score · 0.00189 EPSS
Exploits: 1 · References: 2

Cvelist
added 2023/01/27 12:00 a.m. · 37 views

CVE-2020-36659

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...

7.7 AI score · 0.00309 EPSS
Exploits: 0 · References: 2

OpenVAS
added 2023/01/27 12:00 a.m. · 22 views

Ubuntu: Security Advisory (USN-4766-1)

The remote host is missing an update for the...

7.5 CVSS · 8.8 AI score · 0.92332 EPSS
Exploits: 5 · References: 2

OpenVAS
added 2023/01/27 12:00 a.m. · 32 views

Ubuntu: Security Advisory (USN-4789-1)

The remote host is missing an update for the...

8.1 CVSS · 7.7 AI score · 0.17446 EPSS
Exploits: 1 · References: 2

Debian CVE
added 2023/01/27 12:00 a.m. · 29 views

CVE-2020-36659

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...

8.1 CVSS · 7.7 AI score · 0.00309 EPSS
Exploits: 0

Debian CVE
added 2023/01/27 12:00 a.m. · 33 views

CVE-2020-36658

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...

8.1 CVSS · 7.7 AI score · 0.00189 EPSS
Exploits: 1

Huntr
added 2023/01/25 3:18 p.m. · 27 views

Privilege Escalation from customer to root

Privilege Escalation from Customer to Root First of all, sorry for the formatting of the report, but this platform is a mess. I can't attach any PoC files added chapters at the end of the report instead, can't attach any screenshots, nor provide a report as PDF. And btw markdown is only partly...

6.5 CVSS · 9.3 AI score · 0.00513 EPSS
Exploits: 1

Tenable Nessus
added 2023/01/23 12:00 a.m. · 36 views

RHEL 7 : rh-maven35-apache-commons-collections4 (RHSA-2020:4274)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4274 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...

10 CVSS · 7.7 AI score · 0.71461 EPSS
Exploits: 8 · References: 5

Positive Technologies
added 2023/01/20 12:00 a.m. · 4 views

PT-2023-6757 · Apache +4

Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.7 Description: The issue is related to errors in security settings of the WAF engine for Apache ModSecurity. It may allow a remote attacker to bypass existing firewall rules. The problem also involves incorre...

9.8 CVSS · 7.6 AI score · 0.0204 EPSS
Exploits: 2 · References: 51

RedhatCVE
added 2023/01/18 7:05 p.m. · 81 views

CVE-2006-20001

A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. Mitigation: Disabling mod_dav and restarting httpd will mitigate this flaw...

7.5 CVSS · 8 AI score · 0.00547 EPSS
Exploits: 0 · References: 4

Fedora
added 2023/01/18 1:41 a.m. · 211 views

[SECURITY] Fedora 36 Update: awstats-7.8-9.fc36

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...

6.1 CVSS · 6.2 AI score · 0.01003 EPSS
Exploits: 0