CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2019/09/30 12:15 p.m.•1 views

UBUNTU-CVE-2019-16676

Plataformatec Simple Form has Incorrect Access Control in filemethod? in lib/simpleform/formbuilder.rb, because a user-supplied string is invoked as a method call...

9.8CVSS5.8AI score0.0083EPSS

Exploits1References5

UbuntuCve•added 2019/09/23 4:15 p.m.•23 views

CVE-2019-12407

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive...

6.1CVSS6.4AI score0.04421EPSS

Cvelist•added 2019/09/23 3:40 p.m.•17 views

CVE-2019-12407

6AI score0.04421EPSS

Oracle linux•added 2019/09/19 12:0 a.m.•110 views

patch security update

2.7.6-9 - CVE-2018-20969, invoke ed directly instead of using the shell...

9.3CVSS1.7AI score0.0205EPSS

Exploits1

RedHat Linux•added 2019/08/08 10:8 a.m.•2 views

solr: remote code execution due to unsafe deserialization

A flaw was found in the Apache Solr's Config API, where it would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks...

9.8CVSS8AI score0.93545EPSS

Exploits1References4

IBM Security Bulletins•added 2019/07/25 2:55 p.m.•14 views

Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Monitor (CVE-2018-1885)

Summary A vulnerability in IBM Business Space can allow an attacker to cause an external service invocation. Vulnerability Details CVEID: CVE-2018-1885 DESCRIPTION: IBM Business Space could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. CV...

5.3CVSS1.7AI score0.00191EPSS

Exploits0Affected Software1

OpenVAS•added 2019/07/01 12:0 a.m.•31 views

Microsoft Windows: Turn on PowerShell Script Block Logging

This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or throug...

7.1AI score

RedHat Linux•added 2019/06/04 1:25 p.m.•0 views

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

myhack58•added 2019/05/25 12:0 a.m.•336 views

The original Java deserialization remote execution vulnerabilities so simple-vulnerability warning-the black bar safety net

Here we for Java deserialization issue caused remote code execution vulnerability principles are introduced. In order to simplify the description,without introducing a 3rd party library under the premise of the Operation, HOPE can serve to initiate the effect. There are 3 main parts: The Java...

1.5AI score

Exploits0

OSV•added 2019/05/17 4:29 p.m.•1 views

CVE-2019-5931

Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors...

8.7CVSS7.3AI score0.00386EPSS

Exploits0References2

RedHat Linux•added 2019/05/16 1:25 p.m.•5 views

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

RedHat Linux•added 2019/05/13 9:8 p.m.•3 views

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

RedHat Linux•added 2019/05/13 7:1 a.m.•2 views

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

OSV•added 2019/04/23 8:32 p.m.•1 views

CVE-2019-7727

In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TC...

9.8CVSS7.6AI score0.02367EPSS

Exploits0References3

OSV•added 2019/04/23 12:0 a.m.•1 views

UBUNTU-CVE-2019-2684

5.9CVSS6.8AI score0.01264EPSS

RedHat Linux•added 2019/04/22 4:10 p.m.•3 views

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

CNVD•added 2019/04/18 12:0 a.m.•2 views

Oracle Java SE and Java SE Embedded Access Control Error Vulnerability (CNVD-2019-26758)

Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation.Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle Java SE Embedded is a Java platform that targets Java...

7.5CVSS8.3AI score0.00233EPSS

CNVD•added 2019/04/18 12:0 a.m.•2 views

Oracle Java SE and Java SE Embedded Access Control Error Vulnerability (CNVD-2019-26750)

5.9CVSS8.3AI score0.01264EPSS