597 matches found

OSV
added 2023/02/24 5:15 a.m. · 0 views

CVE-2023-26102

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...

8.2 CVSS · 7.3 AI score · 0.00353 EPSS
Exploits: 1 · References: 2

Prion
added 2023/02/24 5:15 a.m. · 13 views

Buffer overflow

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...

6.4 CVSS · 8 AI score · 0.00353 EPSS
Exploits: 1 · References: 2

CVE
added 2023/02/24 5:0 a.m. · 58 views

CVE-2023-26102

CVE-2023-26102 affects the rangy package, where all versions are vulnerable to a prototype pollution flaw in the extend() function of rangy-core.js. The vulnerability arises from an unsafe recursive merge that can copy attacker-controlled properties onto Object.prototype, enabling pollution of al...

8.2 CVSS · 8.1 AI score · 0.00353 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/02/24 5:0 a.m. · 4 views

CVE-2023-26102

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...

7.5 CVSS · 8.1 AI score · 0.00353 EPSS
Exploits: 1 · References: 2

F5 Networks
added 2023/02/21 6:48 p.m. · 44 views

K44318398: Net-SNMP vulnerability CVE-2020-15862

Security Advisory Description: Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. CVE-2020-15862. Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

7.8 CVSS · 6.8 AI score · 0.00118 EPSS
Exploits: 0

CNNVD
added 2023/02/17 12:0 a.m. · 2 views

BearAdmin Code Issue Vulnerability

BearAdmin is a backend management system by the individual developer yupoxiong, based on ThinkPHP6.0+AdminLTE3.2. BearAdmin suffers from a security vulnerability that originates from allowing an attacker to execute arbitrary remote code via the Upfile function in the extend/tools/Ueditor endpoint...

9.8 CVSS · 9.1 AI score · 0.00344 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2023/02/15 6:0 a.m. · 1 views

SUSE CVE-2010-0285

gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor...

5.6 CVSS · 6.9 AI score · 0.00083 EPSS
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:42 a.m. · 1 views

SUSE CVE-2013-0242

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters...

5 CVSS · 7.3 AI score · 0.02113 EPSS
Exploits: 0 · References: 9

SUSE CVE
added 2023/02/15 5:30 a.m. · 1 views

SUSE CVE-2014-2038

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by...

2.1 CVSS · 5 AI score · 0.00051 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:45 a.m. · 2 views

SUSE CVE-2017-8923

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use ...

5.3 CVSS · 10 AI score · 0.04586 EPSS
Exploits: 1 · References: 12

SUSE CVE
added 2023/02/15 4:42 a.m. · 1 views

SUSE CVE-2017-11553

There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service...

3.3 CVSS · 6.9 AI score · 0.01065 EPSS
Exploits: 1 · References: 8

Positive Technologies
added 2023/02/14 12:0 a.m. · 2 views

PT-2023-36098 · Safemem +1

Name of the Vulnerable Software and Affected Versions: safemem (affected versions not specified). Description: The safemem repository has been archived by its author, with the latest crates.io release dating back to 2019. For migration purposes, several functions can be replaced with their equivalen...

6.9 AI score
Exploits: 0 · References: 4

RedHat Linux
added 2023/01/31 1:18 p.m. · 3 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1 CVSS · 6.5 AI score · 0.01532 EPSS
Exploits: 4 · References: 6

RedHat Linux
added 2023/01/31 1:15 p.m. · 3 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1 CVSS · 6.5 AI score · 0.01532 EPSS
Exploits: 4 · References: 6

RedHat Linux
added 2023/01/31 1:15 p.m. · 4 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1 CVSS · 6.5 AI score · 0.01532 EPSS
Exploits: 4 · References: 6

RedHat Linux
added 2023/01/31 1:12 p.m. · 2 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1 CVSS · 6.5 AI score · 0.01532 EPSS
Exploits: 4 · References: 6

Tenable Nessus
added 2023/01/23 12:0 a.m. · 37 views

RHEL 7 : rh-nodejs8-nodejs (RHSA-2020:2625)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2625 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.8 CVSS · 7.1 AI score · 0.01227 EPSS
Exploits: 4 · References: 18

Snyk
added 2022/12/29 1:36 p.m. · 1 views

Prototype Pollution

Overview: collection.js is a minimalistic JavaScript library for working with collections of data. Affected versions of this package are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. PoC (javascript): var collection = require"collection.js"...

7.5 CVSS · 8 AI score · 0.00153 EPSS
Exploits: 1 · References: 2

Snyk
added 2022/12/28 9:36 a.m. · 3 views

Prototype Pollution

Overview: progressbar.js provides responsive and slick progress bars with animated SVG paths. Affected versions of this package are vulnerable to Prototype Pollution via the function extend in the file utils.js. PoC (js): var progressbar = require"progressbar.js" BADJSON = JSON.parse'"proto":"test":123';...

9.8 CVSS · 9 AI score · 0.00077 EPSS
Exploits: 1 · References: 2

vulnersOsv
added 2022/12/21 10:25 a.m. · 1 views

02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +12572 more potentially affected by unknown CVE via whet.extend (>=0.9.7 <=0.9.9)

whet.extend NPM version =0.9.7, =1.0.0, =1.0.4, =5.0.0, =1.0.3, =0.0.1, =1.0.2, =2.0.0, =1.0.0, =1.3.3 - 3vot-clay =2.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-WHETEXTEND-3178372...

5.8 AI score
Exploits: 0