7696 matches found

Zero Day Initiative
added 2019/03/04 12:0 a.m. · 24 views

(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS 8.8 · AI score 3.2 · EPSS 0.01591
Exploits: 0

CNVD
added 2019/02/28 12:0 a.m. · 1 view

SOFA-Hessian Arbitrary Command Execution Vulnerability

SOFA-Hessian is an open source binary serialization protocol. A security vulnerability exists in SOFA-Hessian 4.0.2 and earlier versions, which stems from the program failing to blacklist com.caucho.naming.Qname and com.sun.org.apache.xpath.internal.objects.Xstring. A remote attacker can exploit...

CVSS 9.8 · AI score 7.6 · EPSS 0.0088
Exploits: 0 · References: 1

CVE
added 2019/02/19 5:0 p.m. · 229 views

CVE-2019-5772

The CVE-2019-5772 entry affects Google Chrome's PDFium component. Description: Sharing of objects over calls into the JavaScript runtime in PDFium can lead to heap corruption when processing a crafted PDF, enabling a remote attacker to potentially exploit the issue. Affected product/area: Chrome ...

CVSS 8.8 · AI score 6.2 · EPSS 0.01313
Exploits: 0 · References: 7 · Affected Software: 1

OpenVAS
added 2019/02/18 12:0 a.m. · 8 views

Integration Objects' Industrial IoT Gateway Detection (Windows SMB Login)

Detects the installed version of Integration Objects. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 7.3
Exploits: 0 · References: 1

OpenVAS
added 2019/02/18 12:0 a.m. · 13 views

Integration Objects' OPC Driver for Databases Detection (Windows SMB Login)

Detects the installed version of Integration Objects. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 7.3
Exploits: 0 · References: 1

OpenVAS
added 2019/02/16 12:0 a.m. · 20 views

Integration Objects' OPC UA Server for Databases Detection (Windows SMB Login)

Detects the installed version of Integration Objects. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 7.3
Exploits: 0 · References: 1

OSV
added 2019/02/15 6:29 p.m. · 1 view

CVE-2019-0259

SAP BusinessObjects, versions 4.2 and 4.3, Visual Difference allows an attacker to upload any file including script files without proper file format validation...

CVSS 9.8 · AI score 5.8 · EPSS 0.00685
Exploits: 0 · References: 3

CNVD
added 2019/02/15 12:0 a.m. · 1 view

SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2019-04858)

SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site scripting vulnerability in SAP BusinessObjects Business...

CVSS 6.1 · AI score 6.7 · EPSS 0.00314
Exploits: 0 · References: 1

OpenVAS
added 2019/02/15 12:0 a.m. · 12 views

Integration Objects' OPC UA Wrapper Detection (Windows SMB Login)

Detects the installed version of Integration Objects. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 7.3
Exploits: 0 · References: 1

Microsoft CVE
added 2019/02/12 8:0 a.m. · 31 views

Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

CVSS 9.3 · AI score 4.4 · EPSS 0.29762
Exploits: 0

Microsoft CVE
added 2019/02/12 8:0 a.m. · 27 views

Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...

CVSS 6.5 · AI score 1.8 · EPSS 0.25751
Exploits: 0

Microsoft CVE
added 2019/02/12 8:0 a.m. · 27 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by...

CVSS 5.5 · AI score 1.9 · EPSS 0.00412
Exploits: 0

Microsoft CVE
added 2019/02/12 8:0 a.m. · 36 views

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious...

CVSS 6.5 · AI score 1.4 · EPSS 0.23824
Exploits: 0

Microsoft CVE
added 2019/02/12 8:0 a.m. · 29 views

Win32k Information Disclosure Vulnerability

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log ...

CVSS 5.5 · AI score 1.4 · EPSS 0.00412
Exploits: 0

Microsoft CVE
added 2019/02/12 8:0 a.m. · 24 views

Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...

CVSS 6.5 · AI score 1.8 · EPSS 0.25751
Exploits: 0

VulnCheck KEV
added 2019/02/12 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2019-0676

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk...

CVSS 6.5 · AI score 7.1 · EPSS 0.23824
Exploits: 0 · References: 1

Positive Technologies
added 2019/02/04 12:0 a.m. · 2 views

PT-2019-5664 · Red Hat +5 · Sssd +6

Name of the Vulnerable Software and Affected Versions: sssd (affected versions not specified). Description: A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticat...

CVSS 9.3 · AI score 6.7 · EPSS 0.01085
Exploits: 1 · References: 77

OpenVAS
added 2019/01/31 12:0 a.m. · 47 views

Open-Xchange (OX) App Suite XSS Vulnerability (59507)

File names of attachments of PIM objects (appointments, contacts, tasks) can be used to inject script code. Sharing such objects with other users allows attacking them. This requires both a trust relationship between those users - or both have to be provisioned to the same context. Copyright (C) 2019...

CVSS 5.4 · AI score 5.5 · EPSS 0.00195
Exploits: 2 · References: 1

Exploit DB
added 2019/01/31 12:0 a.m. · 75 views

macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem

It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between...

AI score 7.4
Exploits: 0

GithubExploit
added 2019/01/24 6:8 a.m. · 8 views

Exploit for CVE-2018-8581

Exchange2domain...

CVSS 7.4 · AI score 10 · EPSS 0.91757
Exploits: 7