CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

372 matches found

Positive Technologies•added 2022/12/08 12:0 a.m.•2 views

PT-2022-36369 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.154 Description: The issue is related to a use after free in the red enqueue function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior t...

7.3AI score

Exploits0References1

Microsoft CVE•added 2022/10/22 7:0 a.m.•3 views

A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local unprivileged user to crash the system causing a denial of service.

...

5.5CVSS7.2AI score0.00087EPSS

Exploits0

OSV•added 2022/10/19 6:15 p.m.•0 views

UBUNTU-CVE-2022-3586

A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the schsfb enqueue function used the socket buffer SKB cb field after the same SKB had been enqueued and freed into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing...

5.5CVSS6.8AI score0.00087EPSS

Exploits0References20

CVE•added 2022/10/19 12:0 a.m.•226 views

CVE-2022-3586

CVE-2022-3586 : A use-after-free in the Linux kernel networking path (sch_sfb enqueue function using SKB cb field after enqueueing/freeding into a child qdisc) allows a local, unprivileged user to crash the system, causing a denial of service. Affected component: kernel networking code; root caus...

5.5CVSS6.4AI score0.00087EPSS

Exploits0References3Affected Software1

Debian CVE•added 2022/10/19 12:0 a.m.•37 views

CVE-2022-3586

5.5CVSS5.6AI score0.00087EPSS

Exploits0

OSV•added 2022/10/02 1:45 p.m.•12 views

GSD-2022-1006445 sch_sfb: Don't assume the skb is still around after enqueueing to child

schsfb: Don't assume the skb is still around after enqueueing to child This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.293 by commit...

7.2AI score

Exploits0

OSV•added 2022/06/13 1:15 p.m.•1 views

CVE-2021-25116

The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put...

6.5CVSS5.9AI score0.00097EPSS

Exploits2References1

NVD•added 2022/06/13 1:15 p.m.•8 views

CVE-2021-25116

6.5CVSS0.00097EPSS

Exploits2References1

Cvelist•added 2022/06/13 12:41 p.m.•13 views

CVE-2021-25116 Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion

6.7AI score0.00097EPSS

Exploits2References1

CVE•added 2022/06/13 12:41 p.m.•68 views

CVE-2021-25116

CVE-2021-25116 affects the WordPress plugin Enqueue Anything (versions ≤ 1.0.1). The vulnerability stems from missing authorization and CSRF checks in the remove_asset AJAX action and failure to verify that the target is actually an asset, allowing low-privilege users (e.g., subscribers) to delet...

6.5CVSS6.4AI score0.00097EPSS

Exploits2References1Affected Software1

CNNVD•added 2022/06/13 12:0 a.m.•1 views

WordPress plugin Enqueue Anything 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

6.5CVSS5.8AI score0.00097EPSS

Exploits2References2

Positive Technologies•added 2022/06/13 12:0 a.m.•2 views

PT-2022-9671 · WordPress · Enqueue Anything

Name of the Vulnerable Software and Affected Versions: Enqueue Anything WordPress plugin versions 1.0.0 through 1.0.1 Description: The issue is related to the lack of authorization and CSRF checks in the remove asset AJAX action. This allows low-privilege users, such as subscribers, to delete...

6.5CVSS6.3AI score0.00097EPSS

Exploits2References4

wpexploit•added 2022/05/17 12:0 a.m.•105 views

Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion

The plugin does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. v1.0.1 added...

6.5CVSS0.4AI score0.00097EPSS

Exploits2

WPVulnDB•added 2022/05/17 12:0 a.m.•17 views

Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion

6.5CVSS2.1AI score0.00097EPSS

Exploits2Affected Software1

OSV•added 2021/06/09 2:15 p.m.•0 views

CVE-2021-27630

SAP NetWeaver ABAP Server and ABAP Platform Enqueue Server, versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a...

7.5CVSS7.1AI score0.00324EPSS

Exploits0References2

NVD•added 2021/06/09 2:15 p.m.•9 views

CVE-2021-27632

7.5CVSS0.00324EPSS

Exploits0References2

OSV•added 2021/06/09 2:15 p.m.•0 views

CVE-2021-27632

7.5CVSS7.1AI score

Exploits0References2

NVD•added 2021/06/09 2:15 p.m.•13 views

CVE-2021-27630