
7988 matches found

vulnersOsv
added 2019/12/02 6:2 p.m. | 5 views

filecrawl (>=1.0.0 <=1.0.0b2), hackingtools (>=0.9.94 <=2.0.3) +2 more potentially affected by CVE-2019-19274 via typed-ast (=1.3.1)

typed-ast PYPI version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on typed-ast and may be impacted: - filecrawl =1.0.0, =0.9.94, =0.0.9, =0.0.1, =0.0.3 Source cves: CVE-2019-19274 Source advisory: OSV:GHSA-M3JW-62M7-JJCM...

7.5 CVSS | 7.1 AI score | 0.0136 EPSS
Exploits 0

Tenable Nessus
added 2019/11/29 12:0 a.m. | 73 views

Cisco IOS XE Software User EXEC Mode Root Shell Access Multiple Vulnerabilities (cisco-sa-20180328-privesc1)

According to its self-reported version, Cisco IOS XE Software is affected by multiple vulnerabilities in the CLI parser due to improper sanitization of command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with user EXEC mode access to an...

7.8 CVSS | 7.7 AI score | 0.00168 EPSS
Exploits 0 | References 6

NVD
added 2019/11/26 4:15 a.m. | 13 views

CVE-2019-15986

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input...

7.2 CVSS | 7.1 AI score | 0.00147 EPSS
Exploits 0 | References 1

Prion
added 2019/11/26 4:15 a.m. | 12 views

Input validation

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input...

7.2 CVSS | 6.8 AI score | 0.00147 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2019/11/26 3:42 a.m. | 8 views

CVE-2019-15986 Cisco Unity Express Command Injection Vulnerability

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input...

6.7 CVSS | 7.3 AI score | 0.00147 EPSS
Exploits 0 | References 1

CVE
added 2019/11/26 3:42 a.m. | 91 views

CVE-2019-15986

CVE-2019-15986 is a Cisco Unity Express local command injection vulnerability. An authenticated, local attacker with valid administrator credentials can feed crafted CLI commands due to improper input validation, leading to arbitrary commands executed with root privileges. Cisco’s advisory confir...

7.2 CVSS | 7 AI score | 0.00147 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/11/26 3:41 a.m. | 15 views

CVE-2019-15996 Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An...

6.7 CVSS | 6.8 AI score | 0.00093 EPSS
Exploits 0 | References 1

Vulnrichment
added 2019/11/26 3:41 a.m. | 8 views

CVE-2019-15997 Cisco DNA Spaces: Connector Command Injection Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI...

6.7 CVSS | 7.8 AI score | 0.00164 EPSS
Exploits 0 | References 1

Prion
added 2019/11/26 3:15 a.m. | 8 views

Design/Logic Flaw

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

2.1 CVSS | 4.6 AI score | 0.00152 EPSS
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2019/11/26 3:11 a.m. | 13 views

CVE-2019-15288 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE, Cisco TelePresence Codec TC, and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...

8.8 CVSS | 9 AI score | 0.00711 EPSS
Exploits 0 | References 1

CVE
added 2019/11/26 3:11 a.m. | 103 views

CVE-2019-15967

The CVE-2019-15967 issue affects Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software. A vulnerability in the CLI allows an authenticated, local attacker to enable audio recording without user notification by exploiting unnecessary debug commands and gaining unrestricted acces...

4.4 CVSS | 4.5 AI score | 0.00152 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/11/26 3:11 a.m. | 19 views

CVE-2019-15967 Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

4.4 CVSS | 4.5 AI score | 0.00152 EPSS
Exploits 0 | References 1

Vulnrichment
added 2019/11/26 3:11 a.m. | 7 views

CVE-2019-15967 Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

4.4 CVSS | 6.5 AI score | 0.00152 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2019/11/25 12:0 a.m. | 54 views

openSUSE Security Update : haproxy (openSUSE-2019-2556)

This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues : Security issue fixed : - CVE-2019-14241: Fixed a cookie memory corruption problem. bsc1142529 The update to 2.0.5 brings lots of features and bugfixes : - new internal native HTTP representation called HTX, was...

7.5 CVSS | 7.3 AI score | 0.37036 EPSS
Exploits 1 | References 2

NVD
added 2019/11/22 1:15 p.m. | 13 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...

6.5 CVSS | 6.5 AI score | 0.00319 EPSS
Exploits 0 | References 5

OSV
added 2019/11/22 1:15 p.m. | 29 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...

6.5 CVSS | 3.3 AI score | 0.00319 EPSS
Exploits 0 | References 5

UbuntuCve
added 2019/11/22 1:15 p.m. | 35 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...

6.5 CVSS | 6.8 AI score | 0.00319 EPSS
Exploits 0 | References 3

Cvelist
added 2019/11/22 12:0 a.m. | 22 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...

6.4 CVSS | 6.8 AI score | 0.00319 EPSS
Exploits 0 | References 5

Debian CVE
added 2019/11/22 12:0 a.m. | 30 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...

6.5 CVSS | 6.9 AI score | 0.00319 EPSS
Exploits 0

AlpineLinux
added 2019/11/22 12:0 a.m. | 44 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...

6.5 CVSS | 7 AI score | 0.00319 EPSS
Exploits 0