CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9423 matches found

CNVD•added 2020/11/09 12:0 a.m.•1 views

Nextcloud Server Encryption Issue Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server 18.0.4, which stems from too small a random character set being used for encryption, making decryption tim...

3.5CVSS6.9AI score0.00093EPSS

Exploits1References1

Openbugbounty•added 2020/11/08 1:44 p.m.•8 views

set-ag.ch Cross Site Scripting vulnerability OBB-1494183

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0

OSV•added 2020/11/06 7:15 a.m.•3 views

CVE-2020-28250

Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side...

9.8CVSS7.4AI score0.02597EPSS

Exploits1References1

Veracode•added 2020/11/05 3:9 a.m.•55 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A use-after-free in ext4expandextraisize and ext4xattrsetentry allows an attacker to crash the kernel...

5.5CVSS3.5AI score0.00382EPSS

Exploits1References16Affected Software2

RedHat Linux•added 2020/11/04 1:55 a.m.•2 views

dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhostusersetlogbase could result in a smaller memory map than requested, possibly allowing memory corruption...

6.7CVSS7.2AI score0.00087EPSS

Exploits0References6

RedHat Linux•added 2020/11/04 1:47 a.m.•4 views

tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c

An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTRSET to be nested as many times as the message can accommodate, however when a specially crafted packet is crafted and parsed by tcpdump, this may lead to stack exhaustion du...

7.5CVSS6.3AI score0.00948EPSS

Exploits0References4

RedHat Linux•added 2020/11/04 1:25 a.m.•4 views

freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdpreadfontcapabilityset could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0...

3.5CVSS5.7AI score0.00124EPSS

Exploits0References4

RedHat Linux•added 2020/11/04 1:14 a.m.•3 views

kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field

A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to perform ioctl2 cal...

5.4CVSS7AI score0.00073EPSS

Exploits1References4

Prion•added 2020/10/29 9:15 a.m.•20 views

Design/Logic Flaw

Synology Router Manager SRM before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

4.3CVSS5.9AI score0.00264EPSS

Exploits1References2Affected Software1

CVE•added 2020/10/29 8:55 a.m.•58 views

CVE-2020-27658

Synology SRM (on SRM up to 1.2.4-8081) is affected by CVE-2020-27658: the web interface session cookie id is Set-Cookie without the HttpOnly flag, enabling potential theft of the cookie via injected JavaScript and facilitating an XSS-based information disclosure. TALOS details confirm the vulnera...

7.1CVSS6.6AI score0.00264EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/10/29 8:55 a.m.•16 views

CVE-2020-27658

7.1CVSS6.8AI score0.00264EPSS

Exploits1References2

BDU FSTEC•added 2020/10/27 12:0 a.m.•1 views

The vulnerability of the set_file_metadata function in the GNU Wget download manager allows a hacker to gain access to protected information.

The vulnerability of the setfilemetadata function in the GNU Wget download manager is related to the lack of protection for metadata. Exploiting this vulnerability could allow an attacker to access protected information...

7.8CVSS0.00044EPSS

Exploits1References4Affected Software5

Veracode•added 2020/10/20 1:39 a.m.•29 views

Prototype Pollution

object-path is vulnerable to prototype pollution. The vulnerability exists as the set method does not restrict the proto header value to be set. The vulnerability is limited to the includeInheritedProps mode, and setting the option includeInheritedProps: true, or by using the default...

9.8CVSS1.6AI score0.00163EPSS

Exploits0References3Affected Software1

OSV•added 2020/10/19 10:15 p.m.•31 views

CVE-2020-15256

A prototype pollution vulnerability has been found in object-path = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is n...

9.8CVSS9AI score

Exploits0References2

OSV•added 2020/10/19 10:15 p.m.•1 views

DEBIAN-CVE-2020-15256

9.8CVSS7.2AI score0.00163EPSS

Exploits0References1

OSV•added 2020/10/19 10:15 p.m.•0 views

UBUNTU-CVE-2020-15256

9.8CVSS6.9AI score0.00163EPSS

Exploits0References5

Prion•added 2020/10/19 10:15 p.m.•27 views

Design/Logic Flaw