CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this...

6.5CVSS5.9AI score

Exploits0References1

Github Security Blog•added 2023/05/01 1:43 p.m.•20 views

Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs

Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.3.1 may be vulnerable to a remote file access exploit if they are not limiting who can query their server for example,...

9.8CVSS7.3AI score0.93314EPSS

Exploits2References2Affected Software1

SUSE CVE•added 2023/02/15 4:56 a.m.•1 views

SUSE CVE-2016-9373

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private...

5.9CVSS7.5AI score0.01217EPSS

Exploits0References6

Veracode•added 2021/12/20 1:56 p.m.•16 views

Directory Traversal

http-server-node is vulnerable to directory traversal. The vulnerability exists due to lack of sanitization of user inputs which allows an attacker to gain access to the files outside of the server scope...

9.8CVSS4.8AI score0.00641EPSS

Exploits1References2Affected Software1

OSV•added 2020/07/16 6:15 p.m.•0 views

CVE-2020-3437

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this...

6.5CVSS6.9AI score

Exploits0References2

OSV•added 2020/06/03 6:15 p.m.•1 views

CVE-2020-3223

A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacke...

4.9CVSS5.9AI score

Exploits0References1

OSV•added 2016/11/17 5:59 a.m.•1 views

DEBIAN-CVE-2016-9373

5.9CVSS6.4AI score0.01217EPSS

Exploits0References1

OSV•added 2016/11/17 5:59 a.m.•0 views

UBUNTU-CVE-2016-9373

5.9CVSS6.6AI score0.01217EPSS

Exploits0References5

Rows per page