
1107 matches found

Positive Technologies
added 2020/03/11 12:0 a.m. | 8 views

PT-2020-6579

Name of the Vulnerable Software and Affected Versions: Ansible Engine versions 2.7.17 and prior; Ansible Engine versions 2.8.9 and prior; Ansible Engine versions 2.9.6 and prior. Description: The issue is related to a race condition flaw in Ansible Engine when running a playbook with an unprivileged...

CVSS 5 | AI score 7.6 | EPSS 0.00027
Exploits 1 | References 199

Talos
added 2020/03/09 12:0 a.m. | 179 views

WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities

Summary: An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An...

CVSS 7.8 | AI score 6.8 | EPSS 0.00159
Exploits 3

CNVD
added 2020/03/08 12:0 a.m. | 2 views

Timeshift Code Execution Vulnerability

Timeshift is a Linux system restore tool. The product supports the creation of file system snapshots and provides features such as snapshot recovery. A security vulnerability exists in Timeshift versions prior to 20.03, which stems from the 'inittmp' function of the TeeJee.FileSystem.vala file...

CVSS 7 | AI score 7.1 | EPSS 0.00124
Exploits 0 | References 1

Tenable Nessus
added 2020/02/06 12:0 a.m. | 25 views

Debian DLA-2095-1 : storebackup security update

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that...

CVSS 9.3 | AI score 7.5 | EPSS 0.05192
Exploits 0 | References 3

OPENSUSE Linux
added 2020/01/28 12:0 a.m. | 63 views

Security update for sarg (important)

openSUSE Security Update: Security update for sarg. Announcement ID: openSUSE-SU-2020:0117-1; Rating: important; References: 1156643; Cross-References: CVE-2019-18932; Affected Products: openSUSE Leap 15.1. An update that fixes one vulnerability is now available. Description: This update for sarg fixes...

CVSS 7 | AI score 6.9 | EPSS 0.0004
Exploits 0 | References 1

NVD
added 2020/01/22 7:15 p.m. | 10 views

CVE-2019-19843

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wpstoolcache...

CVSS 9.8 | AI score 9.6 | EPSS 0.00646
Exploits 1 | References 3

Prion
added 2020/01/22 7:15 p.m. | 17 views

Design/Logic Flaw

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wpstoolcache...

CVSS 7.5 | AI score 9.5 | EPSS 0.00646
Exploits 1 | References 3 | Affected Software 2

NVD
added 2020/01/21 9:15 p.m. | 12 views

CVE-2020-7040

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that fi...

CVSS 9.3 | AI score 8 | EPSS 0.05192
Exploits 0 | References 10

UbuntuCve
added 2020/01/21 9:15 p.m. | 21 views

CVE-2020-7040

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that fi...

CVSS 9.3 | AI score 7.1 | EPSS 0.05192
Exploits 0 | References 3

Cvelist
added 2020/01/21 8:3 p.m. | 15 views

CVE-2020-7040

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that fi...

AI score 7.9 | EPSS 0.05192
Exploits 0 | References 10

Debian CVE
added 2020/01/21 8:3 p.m. | 22 views

CVE-2020-7040

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that fi...

CVSS 9.3 | AI score 8 | EPSS 0.05192
Exploits 0

OSV
added 2020/01/21 6:15 p.m. | 1 view

DEBIAN-CVE-2019-18932

log.c in Squid Analysis Report Generator sarg through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and...

CVSS 7 | AI score 7 | EPSS 0.0004
Exploits 0 | References 1

OpenVAS
added 2020/01/10 12:0 a.m. | 6 views

Linux: Separate partition for /var/tmp

The /var/tmp directory is a world-writable directory used for temporary storage. This script tests if a separate partition exists for /var/tmp. Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify i...

AI score 7.3
Exploits 0 | References 1

Prion
added 2019/12/30 10:15 p.m. | 9 views

Code injection

The isearch package textproc/isearch before 1.47.01nb1 uses the tempnam function to create insecure temporary files into a publicly-writable area /tmp...

CVSS 5 | AI score 7 | EPSS 0.00371
Exploits 1 | References 5 | Affected Software 1

NVD
added 2019/12/26 9:15 p.m. | 7 views

CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

CVSS 5.4 | AI score 5.6 | EPSS 0.00244
Exploits 1 | References 2

Prion
added 2019/12/26 9:15 p.m. | 11 views

Design/Logic Flaw

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

CVSS 3.5 | AI score 7.4 | EPSS 0.00244
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2019/12/26 8:49 p.m. | 15 views

CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

AI score 5.6 | EPSS 0.00244
Exploits 1 | References 2

CVE
added 2019/12/26 8:49 p.m. | 94 views

CVE-2013-4318

CVE-2013-4318 affects the Ruby Gems Features package (Ruby Features 0.3.0). The issue is a file handling flaw where input submitted to /tmp/out.html is not properly validated, enabling a local cross-site scripting (XSS) attack. Some sources describe the risk as a local XSS, while others reference...

CVSS 5.4 | AI score 5.5 | EPSS 0.00244
Exploits 1 | References 2 | Affected Software 1

NVD
added 2019/12/15 10:15 p.m. | 19 views

CVE-2014-3701

eDeploy has tmp file race condition flaws...

CVSS 9.3 | AI score 8.2 | EPSS 0.00465
Exploits 0 | References 3

Prion
added 2019/12/15 10:15 p.m. | 19 views

Race condition

eDeploy has tmp file race condition flaws...

CVSS 9.3 | AI score 7.2 | EPSS 0.00465
Exploits 0 | References 3 | Affected Software 1