CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

UbuntuCve•added 2021/06/10 11:15 p.m.•19 views

CVE-2020-23314

There is an Assertion 'blockfound' failed at js-parser-statm.c:2003 parserparsetrystatementend in JerryScript 2.2.0...

7.5CVSS7.1AI score0.00274EPSS

Exploits1References2

UbuntuCve•added 2020/05/18 5:15 p.m.•16 views

CVE-2020-8034

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting XSS vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webma...

6.1CVSS6.4AI score0.00499EPSS

Exploits0References3

UbuntuCve•added 2018/06/07 2:29 a.m.•34 views

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

6.5CVSS6.6AI score0.00249EPSS

Exploits2References4

UbuntuCve•added 2017/10/22 12:0 a.m.•24 views

CVE-2017-15228

Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string...

7.5CVSS7.1AI score0.00304EPSS

Exploits0References4

UbuntuCve•added 2017/08/13 12:0 a.m.•25 views

CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

7.5CVSS7.2AI score0.02504EPSS

Exploits1References3

UbuntuCve•added 2016/04/13 4:59 p.m.•25 views

CVE-2015-8807

Cross-site scripting XSS vulnerability in the renderVarInputnumber function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors...

6.1CVSS6.5AI score0.00676EPSS

Exploits1References3

UbuntuCve•added 2013/03/19 2:55 p.m.•20 views

CVE-2013-0327

Cross-site request forgery CSRF vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors...

6.8CVSS5.9AI score0.00239EPSS

Exploits0References2

UbuntuCve•added 2013/02/08 12:0 a.m.•23 views

CVE-2013-1623

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...

4.3CVSS5.9AI score0.00935EPSS

Exploits0References3

Tenable Nessus•added 2010/07/01 12:0 a.m.•14 views

Fedora 13 : znc-0.090-2.fc13 (2010-10042)

Bug 603915 - znc: NULL pointer dereference flaw leads to segfault under certain conditions A Debian bug report 1 noted that ZNC would segfault under certain conditions, such as clicking 'traffic' in the webadmin pages or issuing the traffic command on the /znc shell. This has been corrected...

3.5CVSS5.4AI score0.01247EPSS

Exploits0References5

UbuntuCve•added 2005/10/05 9:2 p.m.•16 views

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

2.1CVSS5.8AI score0.00221EPSS

Exploits1References1