CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cisco•added 2019/05/01 4:0 p.m.•62 views

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller APIC software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain comman...

7.8CVSS2.9AI score0.00352EPSS

Kitploit•added 2019/05/01 12:49 p.m.•131 views

Twint - An Advanced Twitter Scraping And OSINT Tool

Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's API. Twint utilizes Twitter's search operators to let you scrape Tweets from specific users, scrape Tweets relating to certain topics...

7.1AI score

Exploits0References6

Tenable Nessus•added 2019/04/26 12:0 a.m.•34 views

Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability

According to its self-reported version, Cisco Wireless LAN Controller WLC is affected by following vulnerability - A vulnerability in certain access control mechanisms for the Secure Shell SSH server implementation for Cisco Wireless LAN Controller WLC Software could allow an unauthenticated,...

5.4CVSS5.6AI score0.00545EPSS

Exploits0References3

OSV•added 2019/04/24 4:29 p.m.•13 views

CVE-2019-3786

Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. Th...

7.1CVSS6.5AI score0.00592EPSS

NVD•added 2019/04/24 4:29 p.m.•15 views

CVE-2019-3786

7.7CVSS6.9AI score0.00592EPSS

Prion•added 2019/04/24 4:29 p.m.•16 views

Design/Logic Flaw

4CVSS6.7AI score0.00592EPSS

Exploits0References1Affected Software1

Cvelist•added 2019/04/24 3:21 p.m.•17 views

CVE-2019-3786 BBR could run arbitrary scripts on deployment VMs

7.7CVSS6.8AI score0.00592EPSS

CVE•added 2019/04/24 3:21 p.m.•87 views

CVE-2019-3786

Cloud Foundry BOSH Backup and Restore CLI (all versions before v1.5.0) does not validate backup-script authenticity in BOSH. A remote authenticated attacker can modify the metadata of a BBR job to request extra backup files from different jobs during restore. The vulnerable hooks are in the cfcr-...

7.7CVSS6.8AI score0.00592EPSS

Exploits0References1Affected Software1

Fedora•added 2019/04/22 5:11 a.m.•18 views

[SECURITY] Fedora 29 Update: group-service-1.1.0-5.fc29

Dbus Group management CLI tool...

1.5AI score

Exploits0

Veracode•added 2019/04/22 4:4 a.m.•10 views

Sensitive Information Disclosure

sequelize-cli is vulnerable to sensitive information disclosure. The vulnerability exists as the config.password value is logged unencrypted into log files, allowing a local user to retrieve the configuration password...

5.9AI score

Exploits0

Node.js•added 2019/04/19 9:51 p.m.•12 views

Sensitive Data Exposure

Overview Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL does not properly sanitize the config.password value which may cause passwords with special characters to be logged in plain text. Recommendation Upgrade to version 5.5.0 or later...

6.8AI score

Exploits0Affected Software1

NVD•added 2019/04/18 2:29 a.m.•14 views

CVE-2019-1829

A vulnerability in the CLI of Cisco Aironet Series Access Points APs could allow an authenticated, local attacker to gain access to the underlying Linux operating system OS without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due ...

7.2CVSS6.4AI score0.00448EPSS

NVD•added 2019/04/18 2:29 a.m.•16 views

CVE-2019-1835

A vulnerability in the CLI of Cisco Aironet Access Points APs could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...

4.4CVSS4.5AI score0.00768EPSS

Prion•added 2019/04/18 2:29 a.m.•18 views

Input validation

7.2CVSS6.4AI score0.00448EPSS

Prion•added 2019/04/18 2:29 a.m.•17 views

Directory traversal

2.1CVSS4.6AI score0.00768EPSS

NVD•added 2019/04/18 1:29 a.m.•20 views

CVE-2019-1805

A vulnerability in certain access control mechanisms for the Secure Shell SSH server implementation for Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...

5.4CVSS4.8AI score0.00545EPSS

NVD•added 2019/04/18 1:29 a.m.•22 views

CVE-2019-1725

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...

5.5CVSS5.5AI score0.00368EPSS

Prion•added 2019/04/18 1:29 a.m.•15 views

Input validation

3.6CVSS5.5AI score0.00368EPSS

Prion•added 2019/04/18 1:29 a.m.•20 views

Design/Logic Flaw

3.3CVSS4.6AI score0.00545EPSS