CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2023/02/16 12:0 a.m.•2 views

Fortinet FortiWeb 缓冲区错误漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...

8.8CVSS8.9AI score0.007EPSS

NCSC•added 2023/02/14 12:0 a.m.•7 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange Server. A authenticated malicious person could exploit the vulnerabilities to execute arbitrary code under permissions from the process of Exchange Server itself. As a rule, Exchange Server runs with restricted privileges. Microsoft Exchange Server:...

8.8CVSS7AI score0.72025EPSS

NCSC•added 2023/02/14 12:0 a.m.•4 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server and Power BI. An authenticated malicious person could exploit the vulnerabilities to execute arbitrary code, possibly with permissions from the server process itself. SQL Server: |----------------|------|-------------------------------------| | CV...

8.8CVSS7.6AI score0.02059EPSS

RedHat Linux•added 2023/02/08 6:41 p.m.•2 views

jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS6.1AI score0.00196EPSS

Cvelist•added 2022/10/25 12:0 a.m.•17 views

CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.5AI score0.01276EPSS

Exploits2References1

Positive Technologies•added 2022/09/21 12:0 a.m.•4 views

PT-2022-23345 · WordPress · Soflyy Import Any Xml/Csv File To Wordpress

Name of the Vulnerable Software and Affected Versions: Soflyy Import any XML or CSV File to WordPress plugin versions = 3.6.7 Description: The issue is related to an Authenticated Arbitrary Code Execution vulnerability. This allows for the execution of arbitrary code by an authenticated user...

9.1CVSS7.2AI score0.05518EPSS

NCSC•added 2022/08/23 12:0 a.m.•2 views

Vulnerabilities fixed in GitLab Enterprise Edition and GitLab Community Edition

GitLab has fixed a vulnerability in GitLab Enterprise Edition and GitLab Community Edition. An authenticated malicious party could exploit the vulnerability to execute arbitrary code via the 'Import from GitHub' API Endpoint to execute arbitrary code with permissions from the application and...

9.9CVSS7.8AI score0.30029EPSS

Exploits4

NCSC•added 2022/08/05 12:0 a.m.•2 views

Vulnerabilities fixed in X.Org Server

Vulnerabilities have been fixed in X.Org Server. A authenticated malicious person can exploit the vulnerabilities to execute arbitrary code. Depending on the permissions under which X.Org Server is running, this allows the malicious party to gain gain root privileges on the vulnerable system. The...

7.8CVSS7.1AI score0.00062EPSS

BDU FSTEC•added 2022/06/29 12:0 a.m.•1 views

The vulnerability of the Authenticated Code Module (ACM) in Intel microprogramming system BIOS allows a hacker to enhance their privileges.

The vulnerability of the Authenticated Code Module ACM in Intel microprogramming system BIOS is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.5CVSS6.6AI score0.00085EPSS

BDU FSTEC•added 2022/06/29 12:0 a.m.•2 views

The vulnerability of the Authenticated Code Module (ACM) in Intel microprogramming system BIOS allows a hacker to enhance their privileges.

The vulnerability of the Authenticated Code Module ACM in Intel microprogramming system BIOS is related to data writing beyond the buffer. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.5CVSS6.6AI score0.00098EPSS

Tenable Nessus•added 2022/06/22 12:0 a.m.•42 views

F5 Networks BIG-IP : Intel BIOS vulnerability (K87351324)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K87351324 advisory. Out-of-bounds write in the BIOS authenticated code module for some IntelR Processors may allow a privileged user to...

7.2CVSS6.8AI score0.00098EPSS

CVE•added 2022/05/12 4:36 p.m.•105 views

CVE-2021-33124

CVE-2021-33124 refers to an out-of-bounds write in the BIOS authenticated code module for some Intel processors that may allow a privileged local user to escalate privileges. Public advisories (Intel SA-00601) describe this class of BIOS/firmware flaws and recommend applying the latest Intel BIOS...

7.2CVSS6.3AI score0.00098EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/05/12 4:36 p.m.•18 views

CVE-2021-33124

Out-of-bounds write in the BIOS authenticated code module for some IntelR Processors may allow a privileged user to potentially enable aescalation of privilege via local access...

6.6AI score0.00098EPSS

Vulnrichment•added 2022/05/12 4:36 p.m.•6 views

CVE-2021-33123

Improper access control in the BIOS authenticated code module for some IntelR Processors may allow a privileged user to potentially enable aescalation of privilege via local access...

7.5AI score0.00137EPSS