Lucene search
4943 matches found

Cvelist
added 2015/02/13 2:0 a.m. | 23 views

CVE-2014-6139

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter...

AI score: 6.1 | EPSS: 0.00995
Exploits: 0 | References: 1

RedHat Linux
added 2015/02/11 5:38 p.m. | 5 views

ovirt-engine: cross-site request forgery (CSRF)

A Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST API. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid REST API session, would allow the attacker to trigger calls to the oVirt REST API...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00644
Exploits: 1 | References: 4

RedHat Linux
added 2015/02/11 5:38 p.m. | 41 views

Important: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager 3.5.0

Red Hat Enterprise Virtualization Manager 3.5.0 is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.09149
Exploits: 2 | References: 184

NVD
added 2015/01/16 4:59 p.m. | 19 views

CVE-2014-7814

SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.01414
Exploits: 0 | References: 2

Prion
added 2015/01/16 4:59 p.m. | 11 views

SQL injection

SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter...

CVSS: 6.5 | AI score: 8.4 | EPSS: 0.01414
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2015/01/15 3:59 p.m. | 39 views

CVE-2014-7811

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...

CVSS: 3.5 | AI score: 5.3 | EPSS: 0.01463
Exploits: 0 | References: 3

Prion
added 2015/01/15 3:59 p.m. | 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...

CVSS: 3.5 | AI score: 5.7 | EPSS: 0.01463
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2015/01/15 3:0 p.m. | 66 views

CVE-2014-7811

CVE-2014-7811: Spacewalk and RHN Satellite before 5.7.0 are affected by cross-site scripting via crafted XML data in the REST API. Remote authenticated users can inject arbitrary scripts/HTML. Remediation: upgrade to Spacewalk/RHN Satellite 5.7.0 (per RHSA-2015:0033) or apply related patches. Not...

CVSS: 3.5 | AI score: 5.2 | EPSS: 0.01463
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2015/01/15 3:0 p.m. | 45 views

CVE-2014-7811

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...

AI score: 5.3 | EPSS: 0.01463
Exploits: 0 | References: 3

RedHat Linux
added 2015/01/14 7:41 p.m. | 5 views

CFME: REST API SQL Injection

It was found that CloudForms 4 exposed SQL filters via the REST API without any input escaping. An authenticated user could use this flaw to perform SQL injection attacks against the CloudForms Management Engine database...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.01414
Exploits: 0 | References: 4

RedHat Linux
added 2015/01/14 7:41 p.m. | 38 views

Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Updated cfme packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.1. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...

CVSS: 10 | AI score: 7.4 | EPSS: 0.02946
Exploits: 0 | References: 30

RedHat Linux
added 2015/01/12 5:6 p.m. | 66 views

Moderate: Red Hat Security Advisory: Red Hat Satellite 5.7.0 General Availability

Red Hat Satellite 5.7.0 is now available. Updated packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Satellite 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVS...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.01463
Exploits: 0 | References: 4

Atlassian
added 2014/12/18 3:41 a.m. | 18 views

Use of atlassian-whitelist plugin allows CORS access to origins which it should not

The ApplicationLinkMatcher class (https://bitbucket.org/atlassian/atlassian-whitelist/src/9ba2728450d8fe880d3d30e74cc0c75a427e66fb/atlassian-whitelist-api-plugin/src/main/java/com/atlassian/plugins/whitelist/applinks/ApplicationLinkMatcher.java?at=master) and the SelfUrlMatcher...

AI score: 6.7
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2014/11/17 12:0 a.m. | 32 views

RHEL 6 : Storage Server (RHSA-2013:1263)

Updated Red Hat Storage Console packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Storage Server 2.1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...

CVSS: 5 | AI score: 8 | EPSS: 0.03213
Exploits: 0 | References: 4

Tenable Nessus
added 2014/11/17 12:0 a.m. | 30 views

RHEL 6 : rhevm (RHSA-2012:0421)

Updated rhevm packages that fix one security issue and various bugs are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the...

CVSS: 5 | AI score: 7.9 | EPSS: 0.03213
Exploits: 0 | References: 6

Tenable Nessus
added 2014/11/08 12:0 a.m. | 30 views

RHEL 6 : rhevm (RHSA-2014:0506)

Red Hat Enterprise Virtualization Manager 3.4 is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CV...

CVSS: 6.8 | AI score: 5.6 | EPSS: 0.01757
Exploits: 1 | References: 6

NVD
added 2014/10/07 10:55 a.m. | 13 views

CVE-2014-0940

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.01161
Exploits: 0 | References: 5

Prion
added 2014/10/07 10:55 a.m. | 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01161
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2014/10/07 10:0 a.m. | 18 views

CVE-2014-0940

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...

AI score: 5.5 | EPSS: 0.01161
Exploits: 0 | References: 5

Prion
added 2014/09/08 2:55 p.m. | 16 views

Cross site request forgery (CSRF)

The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01334
Exploits: 0 | References: 2 | Affected Software: 1