Lucene search

356 matches found

UbuntuCve
added 2020/09/25 12:0 a.m. | 17 views

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00995
Exploits: 0 | References: 5
Github Security Blog
added 2020/09/03 5:42 p.m. | 10 views

Malicious Package in midway-dataproxy

All versions of midway-dataproxy contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

AI score: 3.6
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2020/09/03 5:40 p.m. | 14 views

Malicious Package in hsf-clients

All versions of hsf-clients contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

AI score: 3.6
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2020/09/03 4:20 a.m. | 6 views

Malicious Package

is a malicious package. The package contains a backdoor that opens a connection to a remote server and executes incoming commands...

AI score: 3.8
Exploits: 0
OSV
added 2020/08/16 4:15 a.m. | 0 views

UBUNTU-CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00664
Exploits: 0 | References: 3
CNVD
added 2020/07/07 12:0 a.m. | 3 views

DLL Hijacking Vulnerability in Dahua Player

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. DLL hijacking vulnerability exists in Dahua Player, which can be exploited by attackers to load malicious dll and execute malicious code...

AI score: 7.1
Exploits: 0
OSV
added 2020/05/21 11:15 p.m. | 0 views

CVE-2020-1082

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00285
Exploits: 0 | References: 2
OSV
added 2020/05/21 11:15 p.m. | 1 views

CVE-2020-1088

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1082...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00278
Exploits: 0 | References: 1
OSV
added 2020/05/08 2:15 p.m. | 18 views

CVE-2019-10169

A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.00608
Exploits: 0 | References: 1
CNVD
added 2020/04/17 12:0 a.m. | 1 views

Rukovoditel Code Issue Vulnerability

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A security vulnerability exists in Rukovoditel version 2.5.2. An attacker can change the content-type...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00878
Exploits: 1 | References: 1
Prion
added 2020/03/30 8:15 p.m. | 8 views

Sql injection

odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00281
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2020/03/12 4:15 p.m. | 1 views

CVE-2020-0776

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00495
Exploits: 0 | References: 1
CNVD
added 2020/02/17 12:0 a.m. | 2 views

dotCMS code problem vulnerability

dotCMS is a content management system (CMS) from the United States dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A code issue vulnerability exists in dotCMS versions prior to 5.2.4 that stems from faulty access control. An...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.73493
Exploits: 1 | References: 1
exploitpack
added 2019/09/13 3:58 p.m. | 19 views

wbNj8EIMfXlmDDE

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

AI score: 0.4
Exploits: 0
Cvelist
added 2019/07/25 1:13 p.m. | 13 views

CVE-2019-1010172

Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString jsiUtils.c. The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39...

AI score: 7.5 | EPSS: 0.00536
Exploits: 0 | References: 1
NVD
added 2019/07/23 2:15 p.m. | 6 views

CVE-2019-1010169

Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexergetchar jsiLexer.c:9. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00457
Exploits: 1 | References: 1
Cvelist
added 2019/07/23 1:43 p.m. | 10 views

CVE-2019-1010171

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsiDumpFunctions jsiEval.c:567. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84...

AI score: 7.5 | EPSS: 0.00532
Exploits: 1 | References: 1
Cvelist
added 2019/07/23 1:41 p.m. | 15 views

CVE-2019-1010170

Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function JsiObjFree jsiObj.c:230. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

AI score: 7.6 | EPSS: 0.00536
Exploits: 1 | References: 1
UbuntuCve
added 2019/07/15 6:15 p.m. | 23 views

CVE-2019-1010307

GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket, 2- Admin opens...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.00253
Exploits: 1 | References: 3
Veracode
added 2019/07/15 2:51 a.m. | 10 views

Malicious Package

alico is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...

AI score: 6.5
Exploits: 0