5367 matches found

RedHat Linux
added 2021/01/19 1:27 p.m., 97 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 2.5.3 security and bug fix update

Red Hat OpenShift Virtualization release 2.5.3 is now available with updates to packages and images that fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives...

CVSS 7.5, AI score 6.6, EPSS 0.02342
Exploits: 0, References: 3

Packet Storm
added 2021/01/18 12:0 a.m., 227 views

Inteno IOPSYS 3.16.4 Root Filesystem Access

Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare Authenticated Date: 2020-03-29 Exploit Author: Henrik Pedersen Vendor Homepage: https://intenogroup.com/ Version: Iopsys -p -k Requires: impacket websocket-client On Windows: pyreadline """ def ubusAuthhost, username,...

CVSS 9, AI score 0.3, EPSS 0.11075
Exploits: 5

OpenVAS
added 2021/01/11 12:0 a.m., 26 views

Debian: Security Advisory (DLA-2520-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.2, EPSS 0.02342
Exploits: 0, References: 4

OSV
added 2021/01/07 12:0 a.m., 27 views

DLA-2520-1 golang-websocket - security update

Bulletin has no description...

CVSS 7.5, AI score 7.5, EPSS 0.02342
Exploits: 0

Debian
added 2021/01/06 11:6 p.m., 48 views

[SECURITY] [DLA 2520-1] golang-websocket security update

Debian LTS Advisory DLA-2520-1 [email protected] https://www.debian.org/lts/security/ Brian May January 07, 2021 https://wiki.debian.org/LTS -...

CVSS 7.5, AI score 7.5, EPSS 0.02342
Exploits: 0

Tenable Nessus
added 2021/01/04 12:0 a.m., 19 views

FreeBSD : InspIRCd websocket module double free vulnerability (53e9efa1-4be7-11eb-8558-3085a9a47796)

The InspIRCd development team reports : The websocket module before v3.8.1 contains a double free vulnerability. When combined with a HTTP reverse proxy this vulnerability can be used by any user who is GKZ-lined to remotely crash an InspIRCd server. C Tenable Network Security, Inc. The descripti...

AI score 5.5
Exploits: 0, References: 2

CNVD
added 2020/12/31 12:0 a.m., 1 views

Lan ATMService M3 ATM Monitoring System Directory Traversal Vulnerability

Lan ATMService M3 ATM Monitoring System is a software for monitoring ATM machines from the Russian company Lan ATMService. A directory traversal vulnerability exists in Lan ATMService M3 ATM Monitoring System 6.1.0. An attacker can use this vulnerability to view log files in /websocket/logs/ that...

CVSS 5.3, AI score 6.8, EPSS 0.01439
Exploits: 0, References: 1

CNNVD
added 2020/12/31 12:0 a.m., 5 views

Rust Resource Management Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the ws crate through 2020-09-25 for Rust that stems from the outgoing buffer not being properly constrained, leading to a remote memory consumption attack...

CVSS 7.5, AI score 5.9, EPSS 0.01336
Exploits: 0, References: 2

OSV
added 2020/12/17 3:15 a.m., 3 views

CVE-2020-25096

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...

CVSS 8.8, AI score 7.3, EPSS 0.01012
Exploits: 0, References: 1

OSV
added 2020/12/17 3:15 a.m., 3 views

CVE-2020-25094

LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...

CVSS 9.8, AI score 7.5, EPSS 0.03112
Exploits: 1, References: 1

NVD
added 2020/12/17 3:15 a.m., 19 views

CVE-2020-25094

LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...

CVSS 10, AI score 9.6, EPSS 0.03112
Exploits: 1, References: 1

NVD
added 2020/12/17 3:15 a.m., 12 views

CVE-2020-25096

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...

CVSS 8.8, AI score 8.7, EPSS 0.01012
Exploits: 0, References: 1

NVD
added 2020/12/17 3:15 a.m., 11 views

CVE-2020-25095

LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...

CVSS 8.8, AI score 8.8, EPSS 0.00958
Exploits: 0, References: 1

OSV
added 2020/12/17 3:15 a.m., 3 views

CVE-2020-25095

LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...

CVSS 8.8, AI score 7.2, EPSS 0.00958
Exploits: 0, References: 1

Prion
added 2020/12/17 3:15 a.m., 14 views

Cross site scripting

LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...

CVSS 6.8, AI score 8.7, EPSS 0.00958
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2020/12/17 3:15 a.m., 18 views

Design/Logic Flaw

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...

CVSS 6.5, AI score 8.6, EPSS 0.01012
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/12/17 2:4 a.m., 16 views

CVE-2020-25094

LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...

AI score 9.6, EPSS 0.03112
Exploits: 1, References: 1

Cvelist
added 2020/12/17 2:4 a.m., 28 views

CVE-2020-25095

LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...

AI score 8.8, EPSS 0.00958
Exploits: 0, References: 1

CVE
added 2020/12/17 2:3 a.m., 56 views

CVE-2020-25096

CVE-2020-25096 affects LogRhythm Platform Manager (PM) 7.4.9 and describes an Incorrect Access Control issue where WebSocket-based communication to the PM application server is not protected by access control, allowing a low-privilege user to interact with any back-end component that has a LogRhy...

CVSS 8.8, AI score 8.6, EPSS 0.01012
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/12/17 2:3 a.m., 9 views

CVE-2020-25096

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...

AI score 8.7, EPSS 0.01012
Exploits: 0, References: 1