
16592 matches found

IBM Security Bulletins
added 2023/11/24 2:37 a.m. | 36 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty

Summary: IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. Vulnerability Details: CVEID: CVE-2023-41900. DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the optional nested...

CVSS 5.3 | AI score 5.8 | EPSS 0.01069
Exploits: 2 | Affected Software: 1
Tenable Nessus
added 2023/11/22 12:0 a.m. | 32 views

Oracle Linux 8 : squid:4 (ELSA-2023-7213)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7213 advisory. libecap squid 7:4.15-7.1 - Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14776 - squid: squid:...

CVSS 9.3 | AI score 7 | EPSS 0.85944
Exploits: 0 | References: 3
Ubuntu
added 2023/11/21 4:36 p.m. | 289 views

USN-6501-1: RabbitMQ vulnerability

It was discovered that RabbitMQ incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service...

CVSS 4.9 | AI score 5.8 | EPSS 0.01077
Exploits: 0
Ubuntu
added 2023/11/21 3:42 p.m. | 78 views

USN-6500-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. CVE-2023-46724 Joshua...

CVSS 9.3 | AI score 6.9 | EPSS 0.85944
Exploits: 0
Tenable Nessus
added 2023/11/21 12:0 a.m. | 40 views

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS : Node.js vulnerabilities (USN-6491-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6491-1 advisory. Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening...

CVSS 8.1 | AI score 8 | EPSS 0.77278
Exploits: 4 | References: 7
Tenable Nessus
added 2023/11/21 12:0 a.m. | 28 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Squid vulnerabilities (USN-6500-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6500-1 advisory. Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly...

CVSS 9.3 | AI score 7 | EPSS 0.85944
Exploits: 0 | References: 6
OSV
added 2023/11/17 6:15 a.m. | 18 views

CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 3
OSV
added 2023/11/17 6:15 a.m. | 15 views

CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Servic...

CVSS 6.5 | AI score 6.4
Exploits: 0 | References: 3
OSV
added 2023/11/17 6:15 a.m. | 15 views

CVE-2023-38313

An issue was discovered in OpenNDS Captive Portal before 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition)...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 3
OSV
added 2023/11/17 6:15 a.m. | 15 views

CVE-2023-38315

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a trytoauthenticate NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 3
OSV
added 2023/11/17 6:15 a.m. | 3 views

DEBIAN-CVE-2023-38316

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt...

CVSS 9.8 | AI score 8.9 | EPSS 0.01083
Exploits: 0 | References: 1
Prion
added 2023/11/17 6:15 a.m. | 14 views

Null pointer dereference

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Servic...

CVSS 4 | AI score 7.1 | EPSS 0.00935
Exploits: 0 | References: 1 | Affected Software: 1
UbuntuCve
added 2023/11/17 6:15 a.m. | 20 views

CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Servic...

CVSS 6.5 | AI score 6.6 | EPSS 0.00935
Exploits: 0 | References: 3
UbuntuCve
added 2023/11/17 6:15 a.m. | 22 views

CVE-2023-38316

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt...

CVSS 9.8 | AI score 7.2 | EPSS 0.01083
Exploits: 0 | References: 3
CNVD
added 2023/11/17 12:0 a.m. | 5 views

Fortinet FortiWLM Path Traversal Vulnerability (CNVD-2025-00417)

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a path traversal vulnerability that stems from the program failing to properly filter for special elements in the path of a resource or file. An attacker could use this vulnerability to read arbitrary files...

CVSS 7.5 | AI score 6.6 | EPSS 0.00898
Exploits: 0 | References: 1
CNVD
added 2023/11/17 12:0 a.m. | 10 views

Fortinet FortiOS and FortiProxy Denial of Service Vulnerabilities

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform, from the American company Fortinet. The system provides users with firewall, anti-virus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. FortiProxy is a web proxy soluti...

CVSS 6.5 | AI score 6.6 | EPSS 0.01269
Exploits: 0 | References: 1
Cvelist
added 2023/11/17 12:0 a.m. | 13 views

CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Servic...

AI score 6.6 | EPSS 0.00935
Exploits: 0 | References: 3
Cvelist
added 2023/11/17 12:0 a.m. | 28 views

CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue...

AI score 7.6 | EPSS 0.00982
Exploits: 0 | References: 3
Cvelist
added 2023/11/17 12:0 a.m. | 21 views

CVE-2023-38313

An issue was discovered in OpenNDS Captive Portal before 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition)...

AI score 7.6 | EPSS 0.00956
Exploits: 0 | References: 3
Debian CVE
added 2023/11/17 12:0 a.m. | 19 views

CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Servic...

CVSS 6.5 | AI score 6.4 | EPSS 0.00935
Exploits: 0