CVE-2018-12532 (Design/Logic Flaw)
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
CVE-2018-12533
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
CVE-2018-12533
CVE-2018-12533 affects Red Hat JBoss RichFaces 3.1.0–3.3.4, enabling unauthenticated attackers to inject EL expressions and execute arbitrary Java code via a /DATA/ path substring in a request containing an org.richfaces.renderkit.html.Paint2DResource$ImageData object (RF-14310). Public detail in ...
Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool
Summary Two ReDoS vulnerabilities in modules included in the Node.js npm tool shipped by IBM Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2016-2515 DESCRIPTION: Node.JS hawk is vulnerable to a denial of service, caused by an error in the regular expressi...
Security Bulletin: Open Source Apache Tomcat as used in IBM QRadar SIEM is vulnerable to a security bypass. (CVE-2014-7810)
Summary Open Source Apache Tomcat Security Manager bypass. Vulnerability Details CVE-ID: CVE-2014-7810 Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the...
npm mosca Regular Expression Parsing Denial-of-Service Vulnerability
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can...
BIRD Internet Routing Daemon Denial of Service Vulnerability
The BIRD Internet Routing Daemon is a full-featured dynamic IP routing daemon used on UNIX-like systems. A security vulnerability exists in BIRD Internet Routing Daemon versions prior to 1.6.4. A local attacker can exploit this vulnerability to cause a denial of service (stack depletion) and daemon...
CVE-2018-8926
Permissive regular expression vulnerability in synophotodsmuser in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter...
CVE-2017-16118
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
CVE-2017-16119
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
Regular Expression Denial Of Service (ReDoS)
no-case is vulnerable to regular expression denial of service (ReDoS) attacks. The library does not properly sanitize user input strings, causing slowdown when matching strings that can lead to a ReDoS...
CVE-2017-16137
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue...
CVE-2017-16138
The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input...
DEBIAN-CVE-2017-16138
The mime module 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input...
AZL-43819 CVE-2017-16137 affecting package nodejs-nodemon 2.0.3-4
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue...
AZL-43792 CVE-2017-16137 affecting package js-jquery 3.5.0-4
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue...
CVE-2017-16138
The mime module 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input...