257 matches found
CVE-2021-46932
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close...
UBUNTU-CVE-2019-25162
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag...
Security Bulletin: There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-47718)
Summary There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-47718 DESCRIPTION: IBM Maximo Application Suite is vulnerable to cross-site request forgery which could allow an attacker to execute malicious...
Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)
Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...
GHSA-V626-R774-J7F8 TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Impact A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...
Security Bulletin: There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453)
Summary There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk...
Debian dla-3550 : libopendmarc-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3550 advisory. Debian LTS Advisory DLA-3550-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-39532
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
CLSA-2023-1689886120 python: Fix of CVE-2023-24329
CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit - Also correct the first CVE-2023-24329 patch: Fix test_attributes_bad_scheme to check for non-ascii symbol as first character of url...
PT-2023-17969 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: In the xmlParseTryOrFinish function of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution...
CVE-2023-30860
CVE-2023-30860 affects WWBN AVideo prior to version 12.4. A normal user can create a Meeting Schedule and invite others, but input is not properly sanitized when creating a Meeting Room, allowing insertion of malicious scripts. Any user, including admins, can view the meeting room, enabling cooki...
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)
Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitiv...
Security Bulletin: There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25881)
Summary There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a...
Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)
Summary There are several vulnerabilities in Apache Batik used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function...
Security Bulletin: There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-37734)
Summary There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a...
Security Bulletin: There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-36033)
Summary There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...
Security Bulletin: There is a security vulnerability in Node.js ua-parser-js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25927)
Summary There is a security vulnerability in Node.js ua-parser-js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25927 DESCRIPTION: Node.js ua-parser-js module is vulnerable to a denial of service, caused by a regular expression...
Security Bulletin: There is a security vulnerability in Node.js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-33987)
Summary There is a security vulnerability in Node.js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. B...
Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-41854)
Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a...
Security Bulletin: There is a vulnerability in jQuery UI used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-31160)
Summary There is a vulnerability in jQuery UI used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio...