CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

177 matches found

Github Security Blog•added 2025/02/04 12:30 p.m.•13 views

Apache Cassandra: unrestricted deserialization of JMX authentication credentials

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

5.3CVSS5AI score0.00105EPSS

Exploits0References4Affected Software1

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•36 views

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager ITNCM IP Edition v6.4.2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

5.9CVSS5.7AI score0.00442EPSS

Exploits0Affected Software1

Tenable Nessus•added 2025/01/22 12:0 a.m.•24 views

RHEL 9 : java-17-openjdk security update for RHEL 9.0 and 9.2 (Moderate) (RHSA-2025:0423)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0423 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK:...

4.8CVSS6.7AI score0.002EPSS

Exploits0References4

Tenable Nessus•added 2025/01/21 12:0 a.m.•31 views

Amazon Corretto Java 17.x < 17.0.14.7.1 Vulnerability

The version of Amazon Corretto installed on the remote host is 17 prior to 17.0.14.7.1. It is, therefore, affected by a vulnerability as referenced in the corretto-17-2025-Jan-21 advisory. - hotspot/compiler CVE-2025-21502 Note that Nessus has not tested for this issue but has instead relied only...

4.8CVSS6.6AI score0.002EPSS

Exploits0References1

The Hacker News•added 2024/12/24 6:6 a.m.•23 views

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

The Apache Software Foundation ASF has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution RCE under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigati...

9.9CVSS8.4AI score0.84776EPSS

Exploits12

OSV•added 2024/12/20 4:15 p.m.•8 views

DEBIAN-CVE-2024-56337

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...

9.8CVSS7AI score0.1316EPSS

Exploits12References1

OSV•added 2024/12/20 4:15 p.m.•0 views

UBUNTU-CVE-2024-56337

9.8CVSS6.5AI score0.84776EPSS

Exploits12References4

GithubExploit•added 2024/10/05 10:8 a.m.•109 views

Exploit for Code Injection in Geoserver

CVE-2024-36401 vulnerability graphical exploitation t...

9.8CVSS7.4AI score0.94425EPSS

Exploits24

IBM Security Bulletins•added 2024/10/01 11:26 a.m.•12 views

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2rBuffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z. Vulnerability Details Refer to the security bulletins listed in...

7.1AI score

Exploits0Affected Software1

OSV•added 2024/09/13 3:8 p.m.•14 views

RHSA-2018:1974 Red Hat Security Advisory: java-1.7.1-ibm security update