Lucene search

9 matches found

Github Security Blog
added 2024/05/20 4:51 p.m. · 15 views

Passbolt Api Remote code execution

Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or verification is done by Passbolt, effectively allowing a user to inject bash code. The impact is ve...

AI score 7
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2024/05/20 12:00 a.m. · 3 views

PT-2024-40250 · Passbolt · Passbolt

Name of the Vulnerable Software and Affected Versions: Passbolt (affected versions not specified)
Description: The issue allows a user to inject bash code during the installation stage of Passbolt, as the system does not perform escaping or verification on the input provided for the username, e-mai...

CVSS 8.1 · AI score 7.1
Exploits 0 · References 5
CVE
added 2024/01/10 12:00 a.m. · 42 views

CVE-2023-31446

Cassia Gateway firmware versions XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947 expose a vulnerability where the queueUrl parameter in /bypass/config is not sanitized, enabling injection of Bash code that executes with root privileges at device startup. This affects the Cassia Gateway firmwa...

CVSS 9.8 · AI score 9.3 · EPSS 0.91678
In wild · Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2024/01/06 12:00 a.m. · 3 views

PT-2024-1049 · Cassia · Cassia Gateway Firmware Xc2000 +1

Name of the Vulnerable Software and Affected Versions:
Cassia Gateway firmware XC1000 2.1.1.2303082218
Cassia Gateway firmware XC2000 2.1.1.2303090947
Description: The issue is related to the queueUrl parameter in the "/bypass/config" API endpoint, which is not properly sanitized. This allows for...

CVSS 9.8 · AI score 9.3 · EPSS 0.91678
Exploits 1 · References 14
OSV
added 2023/07/26 8:15 p.m. · 0 views

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

CVSS 9.8 · AI score 5.8 · EPSS 0.90545
Exploits 1 · References 2
Arista
added 2014/09/29 12:00 a.m. · 213 views

Security Advisory 0006

Security Advisory 0006 PDF
Date: September 29th 2014

Revision | Date | Changes
---|---|---
1.0 | September 29th 2014 | Initial release
1.1 | September 30th 2014 | Additional details on maintenance releases
1.2 | October 29th 2014 | Additional details on fixed releases
1.3 | November 4th 2014 |...

CVSS 10 · AI score 9.4 · EPSS 0.9422
Exploits 150 · References 2
myhack58
added 2014/09/28 12:00 a.m. · 127 views

bash code injection security vulnerability-vulnerability warning-the black bar safety net

Many people probably still remember vividly the "Heartbleed" security incident (the Heartbleed Bug) from the first half of the year. In the past two days another "destruction-level" vulnerability has appeared: the Bash software security vulnerability. This vulnerability French...

CVSS 10 · AI score 0.1 · EPSS 0.9422
Exploits 139
Tenable Nessus
added 2014/09/26 12:00 a.m. · 46 views

GLSA-201409-10 : Bash: Code Injection (Updated fix for GLSA 201409-09)

The remote host is affected by the vulnerability described in GLSA-201409-10 (Bash: Code Injection (Updated fix for GLSA 201409-09)). Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code (CVE-2014-6271). Gentoo Linux informed about th...

CVSS 10 · AI score 9 · EPSS 0.9422
Exploits 139 · References 2
CheckPoint Security
added 2014/09/24 9:00 p.m. · 33 views

Check Point Response to CVE-2014-6271 and CVE-2014-7169 Bash Code Injection vulnerability

...

CVSS 10 · AI score 1.8 · EPSS 0.9422
Exploits 139 · Affected Software 1