Lucene search

849 matches found

Prion
added 2023/01/11 10:15 p.m. | 13 views

Buffer overflow

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

6.5 CVSS | 9.8 AI score | 0.00673 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2023/01/11 10:15 p.m. | 10 views

Buffer overflow

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

6.5 CVSS | 9.8 AI score | 0.00673 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/01/11 9:40 p.m. | 23 views

CVE-2017-16324

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

8.5 CVSS | 9.9 AI score | 0.00853 EPSS
Exploits 1 | References 1

Vulnrichment
added 2023/01/11 9:40 p.m. | 4 views

CVE-2017-16318

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

8.5 CVSS | 8 AI score | 0.00673 EPSS
Exploits 0 | References 1

Cvelist
added 2023/01/11 9:40 p.m. | 23 views

CVE-2017-16315

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

8.5 CVSS | 9.9 AI score | 0.00673 EPSS
Exploits 0 | References 1

Vulnrichment
added 2023/01/11 9:39 p.m. | 7 views

CVE-2017-16301

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

8.5 CVSS | 8 AI score | 0.00853 EPSS
Exploits 1 | References 1

Vulnrichment
added 2023/01/11 9:39 p.m. | 6 views

CVE-2017-16299

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

8.5 CVSS | 8 AI score | 0.00853 EPSS
Exploits 1 | References 1

Vulnrichment
added 2023/01/11 9:39 p.m. | 7 views

CVE-2017-16298

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

8.5 CVSS | 8 AI score | 0.00853 EPSS
Exploits 1 | References 1

Vulnrichment
added 2023/01/11 9:39 p.m. | 4 views

CVE-2017-16257

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

8.5 CVSS | 7.7 AI score | 0.00853 EPSS
Exploits 1 | References 1

Code423n4
added 2023/01/03 12:0 a.m. | 7 views

Malicious user can use previously used nodeID to prevent user(s) from withdrawing minipool funds

Lines of code Vulnerability details In createMinipool, an event is emitted with details of a newly created minipool. This includes relevant information that a subsequent user can utilise to create another minipool. The only condition that prevents a minipool from being created again with the same...

6.4 AI score
Exploits 0

Hacker One
added 2022/12/22 4:12 a.m. | 89 views

curl: curl file writing susceptible to symlink attacks

Summary: If curl command is used to download a file with predictable file name to a world writable directory such as /tmp, a local attacker is able to mount a symlink attack to either (A) redirect the target file writing to another file writable by the user or (B) replace the downloaded file contents...

6.9 AI score
Exploits 0

Tenable Nessus
added 2022/11/19 12:0 a.m. | 33 views

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5728-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5728-2 advisory. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading t...

8.8 CVSS | 7.5 AI score | 0.04947 EPSS
Exploits 7 | References 12

RedHat Linux
added 2022/11/08 11:39 a.m. | 1 views

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

5.3 CVSS | 7.4 AI score | 0.09358 EPSS
Exploits 1 | References 5

NVD
added 2022/10/12 11:15 p.m. | 10 views

CVE-2022-39297

MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, and ultimately leads to the execution of arbitrary PHP code on the...

9.8 CVSS | 0.0094 EPSS
Exploits 0 | References 2

NVD
added 2022/10/12 11:15 p.m. | 12 views

CVE-2022-39298

MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, and ultimately leads to the execution of...

9.8 CVSS | 0.0094 EPSS
Exploits 0 | References 2

CNNVD
added 2022/10/12 12:0 a.m. | 2 views

Melis Platform code issue vulnerability

Melis Platform is an open source cross-framework digital platform from Melis Platform Open Source. A security vulnerability exists in Melis Platform MelisCms versions prior to 5.0.1 that stems from the ability to deserialize arbitrary data on melisplatform/melis-cms and ultimately lead to the...

9.8 CVSS | 8.8 AI score | 0.0094 EPSS
Exploits 0 | References 3

CVE
added 2022/10/12 12:0 a.m. | 99 views

CVE-2022-39297

CVE-2022-39297 affects melisplatform/melis-cms prior to 5.0.1. The issue is a deserialization vulnerability that allows an attacker to deserialize untrusted data, ultimately executing arbitrary PHP code on the system without authentication. The root cause is improper handling of user-controlled d...

9.8 CVSS | 8.8 AI score | 0.0094 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/10/12 12:0 a.m. | 21 views

CVE-2022-39298 Deserialization of untrusted data in MelisFront

MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, and ultimately leads to the execution of...

7.7 CVSS | 9.7 AI score | 0.0094 EPSS
Exploits 0 | References 2

Github Security Blog
added 2022/10/06 7:53 p.m. | 33 views

TCPDF vulnerable to attackers triggering deserialization of arbitrary data

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8 CVSS | 4.9 AI score | 0.26172 EPSS
Exploits 7 | References 14 | Affected Software 4

OSV
added 2022/10/06 7:53 p.m. | 26 views

GHSA-5HW4-M7F3-HHX8 TCPDF vulnerable to attackers triggering deserialization of arbitrary data

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8 CVSS | 9.4 AI score | 0.26172 EPSS
Exploits 7 | References 14