33 matches found
CLSA-2026-1777038917 subversion: Fix of CVE-2017-9800
CVE-2017-9800: fix arbitrary code execution via crafted svn+ssh:// URLs by validating the decoded hostinfo and adding an end-of-options guard to the default svn+ssh and example rsh tunnel commands...
subversion: Fix of CVE-2017-9800
CVE-2017-9800: fix arbitrary code execution via crafted svn+ssh:// URLs by validating the decoded hostinfo and adding an end-of-options guard to the default svn+ssh and example rsh tunnel commands...
CLSA-2026-1777040144 subversion: Fix of CVE-2017-9800
CVE-2017-9800: fix arbitrary code execution via crafted svn+ssh:// URLs by validating the decoded hostinfo and adding an end-of-options guard to the default svn+ssh and example rsh tunnel commands...
EUVD-2022-49200
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2024-54763
An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication...
PT-2025-3069 · Iptime · Iptime A2004
Name of the Vulnerable Software and Affected Versions: ipTIME A2004 version 12.17.0 Description: An access control issue in the component /login/hostinfo.cgi allows attackers to obtain sensitive information without authentication. Recommendations: For ipTIME A2004 version 12.17.0, consider...
CVE-2024-41108
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's MAC address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that...
CVE-2024-41108
CVE-2024-41108 (FOG) affects the hostinfo page in FOG, where missing/improper access control allows configuration data to be retrieved using only the host’s MAC address, but only if a task is pending on that host; otherwise an error "Invalid tasking!" is returned. The domain password in the hosti...
FOGProject security vulnerability
FOGProject is a free open source network computer cloning and management solution from FOGProject Open Source. It can be used to deploy and manage any desktop operating system. FOGProject has a security vulnerability that stems from a lack of access control on the hostinfo page, which only requir...
PT-2024-29266 · Fog · Fog
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10.41 Description: The hostinfo page in FOG has missing or improper access control, allowing configuration information to be obtained using only the host's MAC address, but only if a task is pending on that host...
Fedora 37 : awstats (2023-b645c7feda)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b645c7feda advisory. Security fix for CVE-2022-46391 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
USN-5899-1 awstats vulnerability
It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks...
Cross-site Scripting (XSS)
awstats is vulnerable to cross-site scripting. The vulnerability exists in the hostinfo plugin due to printing a response from Net::XWhois without proper validation checks...
Updated awstats packages fix security vulnerability
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. CVE-2022-46391...
MGASA-2022-0461 Updated awstats packages fix security vulnerability
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. CVE-2022-46391...
DEBIAN-CVE-2022-46391
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks...
CVE-2022-46391
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks...
ALPINE-CVE-2022-46391
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks...
Cross site scripting
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks...
CVE-2022-46391
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks...