CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

96 matches found

OpenVAS•added 2021/01/19 12:0 a.m.•14 views

Elastic Elasticsearch Security Information Disclosure Vulnerability (ESA-2018-19)

Elasticsearch Security is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.9CVSS5.6AI score0.0028EPSS

Exploits0References2

Check Point Advisories•added 2020/07/28 12:0 a.m.•4 views

Elasticsearch MachineLearning XML External Entities (CVE-2018-17247)

An XML external entities vulnerability exists in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the...

4.3CVSS2.2AI score0.0028EPSS

Exploits0

Tenable Nessus•added 2019/01/18 12:0 a.m.•40 views

Elasticsearch ESA-2018-19

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learnings findfilestructure API. If a policy allowing external network access has been added to Elasticsearchs Java Security Manager then an attacker could send a specially crafted request capable of leaking content of...

5.9CVSS5.8AI score0.0028EPSS

Exploits0References2

Veracode•added 2019/01/15 9:1 a.m.•29 views

Remote Code Execution

ReflectionHelper org.hibernate.validator.util.ReflectionHelper in Hibernate Validator is vulnerable to remote code execution. It is possible because it does not enforce Java Security Manager JSM restrictions, thereby allowing the attacker to trigger restricted reflection calls via a malicious...

5CVSS6.7AI score0.00532EPSS

Exploits0References33Affected Software96

NVD•added 2018/12/20 10:29 p.m.•10 views

CVE-2018-17247

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...

5.9CVSS5.4AI score0.0028EPSS

Exploits0References3

Prion•added 2018/12/20 10:29 p.m.•15 views

Information disclosure

4.3CVSS5.4AI score0.0028EPSS

Exploits0References3Affected Software1

Cvelist•added 2018/12/20 10:0 p.m.•21 views

CVE-2018-17247

5.4AI score0.0028EPSS

Exploits0References3

Veracode•added 2018/05/08 5:55 a.m.•42 views

Insecure Defaults

Apache Derby is vulnerable to insecure defaults. An attacker can send network packets to a Derby Network Server to maliciously boot a database under their control control. The attack is only possible when the Java Security Manager policy file permits the reading of database locations, which is th...

5.3CVSS6.8AI score0.00772EPSS

Exploits0References17Affected Software1

RedhatCVE•added 2018/05/07 2:19 p.m.•41 views

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

7.5CVSS1.8AI score0.00772EPSS

Exploits0References1

UbuntuCve•added 2018/05/07 1:29 p.m.•24 views

CVE-2018-1313

5.3CVSS6.8AI score0.00772EPSS

Exploits0References3

OSV•added 2018/05/07 1:29 p.m.•10 views

CVE-2018-1313

5.3CVSS5.1AI score

Exploits0References9

OSV•added 2018/05/07 1:29 p.m.•0 views

UBUNTU-CVE-2018-1313

5.3CVSS7.1AI score0.00772EPSS

Exploits0References4

Debian CVE•added 2018/05/07 1:0 p.m.•31 views

CVE-2018-1313

5.3CVSS7AI score0.00772EPSS

Exploits0

RedHat Linux•added 2017/08/01 3:43 p.m.•1 views

tomcat: security manager bypass via JSP Servlet config parameters

It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

7.5CVSS7.2AI score0.0062EPSS

Exploits0References7

OSV•added 2016/10/03 9:59 p.m.•6 views

CVE-2015-1832

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...

9.1CVSS9AI score

Exploits0References13

NVD•added 2016/10/03 9:59 p.m.•17 views

CVE-2015-1832

9.1CVSS8.9AI score0.00818EPSS

Exploits0References13

OSV•added 2016/10/03 9:59 p.m.•2 views

DEBIAN-CVE-2015-1832

9.1CVSS9.1AI score0.00818EPSS

Exploits0References1

UbuntuCve•added 2016/10/03 9:59 p.m.•28 views

CVE-2015-1832