CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2272 matches found

CVE•added 2018/05/08 6:0 p.m.•82 views

CVE-2017-2611

CVE-2017-2611 affects Jenkins before 2.44 and 2.32.2. The issue is an insufficient permission check for periodic processes: the /workspaceCleanup and /fingerprintCleanup URLs did not enforce permissions, allowing users with read access to trigger these daily background tasks. This could lead to u...

4.3CVSS4.5AI score0.02071EPSS

Exploits0References4Affected Software1

Cvelist•added 2018/05/08 6:0 p.m.•23 views

CVE-2017-2611

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes SECURITY-389. The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes that a...

4.3CVSS4.7AI score0.02071EPSS

Exploits0References4

OpenVAS•added 2018/04/30 12:0 a.m.•96 views

Microsoft Windows 10: Create permanent shared objects

This user right determines which accounts can be used by processes to create a directory object by using the object manager. Directory objects include Active Directory objects, files and folders, printers, registry keys, processes, and threads. Users who have this capability can create permanent...

7.2AI score

Exploits0

AlpineLinux•added 2018/04/29 9:0 p.m.•41 views

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

4.7CVSS6.1AI score0.00831EPSS

Exploits0

OSV•added 2018/04/29 12:0 a.m.•0 views

UBUNTU-CVE-2018-10545

4.7CVSS6.7AI score0.00831EPSS

Exploits0References6

FireEye•added 2018/04/23 3:0 p.m.•38 views

Loading Kernel Shellcode

In the wake of recent hacking tool dumps, the FLARE team saw a spike in malware samples detonating kernel shellcode. Although most samples can be analyzed statically, the FLARE team sometimes debugs these samples to confirm specific functionality. Debugging can be an efficient way to get around...

7.6AI score

Exploits0References11

Kitploit•added 2018/04/14 1:10 p.m.•14 views

Mimic - A Tool For Covert Execution In Linux

mimic is a tool for covert execution on Linux x8664. What is "covert execution"? Covert execution is the art of hiding a process. In this case, mimic hides the process in plain sight. mimic can launch any program and make it look like any other program. Any user can use it. It does not require...

7.3AI score

Exploits0References1

Tenable Nessus•added 2018/04/10 12:0 a.m.•11 views

Fedora 27 : php (2018-12f92ff831)

PHP version 7.1.16 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...

5.5AI score

Exploits0References1

NVD•added 2018/04/04 2:29 p.m.•9 views

CVE-2018-6919

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts...

7.5CVSS7.3AI score0.01441EPSS

Exploits0References2

Prion•added 2018/04/04 2:29 p.m.•13 views

Design/Logic Flaw

5CVSS7.3AI score0.01441EPSS

Exploits0References2Affected Software1

Cvelist•added 2018/04/04 2:0 p.m.•13 views

CVE-2018-6919

7.3AI score0.01441EPSS

Exploits0References2

Qualys Blog•added 2018/03/19 4:0 p.m.•60 views

Webcast Q&A: The GDPR Deadline Readiness and Impact to Global Organizations Outside the EU

With the EU’s General Data Protection Regulation GDPR going into effect in late May, organizations are hungry for clarifying information regarding its vaguely-worded requirements, in particular as they apply to cyber security and IT compliance. This interest in better understanding how to comply...

6.5AI score

Exploits0

UbuntuCve•added 2018/03/19 2:29 a.m.•29 views

CVE-2017-18240

The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL when the service is...

5.5CVSS6.5AI score0.00374EPSS

Exploits0References1

OSV•added 2018/03/19 2:29 a.m.•18 views

CVE-2017-18240

5.5CVSS5.8AI score0.00374EPSS

Exploits0References3

RedHat Linux•added 2018/03/12 6:21 p.m.•3 views

chromium-browser: information disclosure in ipc call

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes...

6.5CVSS7.4AI score0.01373EPSS

Exploits1References5

Prion•added 2018/03/12 4:29 a.m.•17 views

Command injection

The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...

2.1CVSS5.7AI score0.00253EPSS

Exploits0References1Affected Software1

UbuntuCve•added 2018/03/12 4:29 a.m.•23 views

CVE-2017-18226

5.5CVSS6.5AI score0.00253EPSS

Exploits0References2

OSV•added 2018/03/12 4:29 a.m.•10 views

CVE-2017-18226

5.5CVSS5.8AI score

Exploits0References1

Cvelist•added 2018/03/12 4:0 a.m.•28 views

CVE-2017-18226