CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2012-0016

Malware in sbrugna...

3.5CVSS6AI score0.02038EPSS

Exploits0References20

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2012-0014

Malware in sbrugna...

4CVSS6.1AI score0.0284EPSS

Exploits0References19

Prion•added 2023/02/14 6:15 p.m.•14 views

Design/Logic Flaw

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

4CVSS4.5AI score0.00359EPSS

Exploits0References1Affected Software2

Github Security Blog•added 2022/05/17 5:23 a.m.•22 views

OpenStack Keystone token expiration issues

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by 1 creating new tokens through token chaining, 2 leveraging...

4.9CVSS6.9AI score0.02266EPSS

Exploits1References18Affected Software1

OSV•added 2022/05/17 5:23 a.m.•20 views

GHSA-XP97-6W7R-4CJC OpenStack Keystone token expiration issues

4.9CVSS5.9AI score0.02266EPSS

Exploits1References18

OSV•added 2022/05/17 1:39 a.m.•26 views

GHSA-W66P-78G4-MR7G OpenStack Keystone Insufficient token expiration

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

8.2CVSS5.7AI score0.0284EPSS

Exploits0References14

Prion•added 2020/12/01 9:15 p.m.•15 views

Design/Logic Flaw

OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated in jupyterhub 1.2 configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowedusers with a warning, is instead ignored by...

3.5CVSS6.2AI score0.01108EPSS

Exploits0References4Affected Software1

OSV•added 2020/12/01 9:15 p.m.•28 views

PYSEC-2020-68

6.3CVSS2.1AI score0.01108EPSS

Exploits0References4

CVE•added 2017/02/20 8:35 a.m.•56 views

CVE-2016-7651

CVE-2016-7651 affects Apple devices (iOS prior to 10.2 and watchOS prior to 3.1.1) with an issue in the Accounts component that allows local bypass of authorization via mishandling of an app uninstall. The public documentation lists the root cause as improper sanitization during uninstall, enabli...

5.3CVSS4.5AI score0.00274EPSS

Exploits0References5Affected Software1

securityvulns•added 2015/09/15 12:0 a.m.•86 views

[security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04762372 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04762372 Version: 2 HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization...

4CVSS0.5AI score0.0184EPSS

Exploits0

NVD•added 2012/12/18 1:55 a.m.•18 views

CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

5.4CVSS6.1AI score0.02038EPSS

Exploits0References15

NVD•added 2012/12/18 1:55 a.m.•27 views

CVE-2012-5563

4CVSS6AI score0.0284EPSS

Exploits0References11