Lucene search
+L
CvelistMost viewed

366582 matches found

Cvelist
Cvelist
•added 2023/02/27 12:0 a.m.•62 views

CVE-2023-1055

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes...

5.3AI score0.00188EPSS
Exploits0References2
Cvelist
Cvelist
•added 2023/02/21 12:0 a.m.•62 views

CVE-2023-0934 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.5...

6.3CVSS5.5AI score0.00393EPSS
Exploits1References2
Cvelist
Cvelist
•added 2023/02/20 3:57 p.m.•62 views

CVE-2023-24998 Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

7.9AI score0.46836EPSS
Exploits1References5
Cvelist
Cvelist
•added 2023/02/14 7:32 p.m.•62 views

CVE-2023-21705 Microsoft SQL Server Remote Code Execution Vulnerability

...

8.8CVSS8.9AI score0.01113EPSS
Exploits0References1
Cvelist
Cvelist
•added 2023/01/25 9:39 p.m.•62 views

CVE-2022-3736 named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

7.5CVSS7.7AI score0.5017EPSS
Exploits0References1
Cvelist
Cvelist
•added 2022/12/06 5:18 p.m.•62 views

CVE-2022-23472 Use of insecure random number generator in Passeo

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...

5.9CVSS7.7AI score0.00791EPSS
Exploits0References3
Cvelist
Cvelist
•added 2022/12/04 12:0 a.m.•62 views

CVE-2022-35507

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7AI score0.0138EPSS
Exploits1References2
Cvelist
Cvelist
•added 2022/11/09 12:0 a.m.•62 views

CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability

...

8.8CVSS8.8AI score0.24623EPSS
Exploits0References1
Cvelist
Cvelist
•added 2022/11/01 12:0 a.m.•62 views

CVE-2022-3817 Axiomatic Bento4 mp4mux memory leak

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be...

4.3CVSS6.7AI score0.00771EPSS
Exploits1References3
Cvelist
Cvelist
•added 2022/09/26 1:25 p.m.•62 views

CVE-2022-39243 NuProcess vulnerable to command-line injection through insertion of NUL character(s)

NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...

8.4CVSS10AI score0.01177EPSS
Exploits1References3
Cvelist
Cvelist
•added 2022/09/09 7:10 p.m.•62 views

CVE-2022-31006 Hyperledger Indy DOS vulnerability

indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...

7.5CVSS7.5AI score0.00959EPSS
Exploits0References2
Cvelist
Cvelist
•added 2022/08/19 11:52 a.m.•62 views

CVE-2022-35910

In Jellyfin before 10.8, stored XSS allows theft of an admin access token...

5.4AI score0.01283EPSS
Exploits2References3
Cvelist
Cvelist
•added 2022/08/05 4:46 p.m.•62 views

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.6AI score0.00851EPSS
Exploits0References1
Cvelist
Cvelist
•added 2022/06/09 8:0 p.m.•62 views

CVE-2022-31033 Authorization header leak in rubygem Mechanize

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site...

5.9CVSS7.6AI score0.01392EPSS
Exploits0References4
Cvelist
Cvelist
•added 2022/04/15 2:15 p.m.•62 views

CVE-2022-20697 Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this...

8.6CVSS8.6AI score0.0111EPSS
Exploits0References1
Cvelist
Cvelist
•added 2022/03/25 5:20 p.m.•62 views

CVE-2022-24778 Incorrect Authorization in imgcrypt

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function CheckAuthorization is supposed to check whether the current used is...

7.5CVSS7.6AI score0.02676EPSS
Exploits1References7
Cvelist
Cvelist
•added 2021/11/24 7:5 p.m.•62 views

CVE-2021-41270 CSV Injection in Symfony

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS6.8AI score0.01355EPSS
Exploits0References6
Cvelist
Cvelist
•added 2021/11/16 11:45 a.m.•62 views

CVE-2021-42114 Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices

Modern DRAM devices PC-DDR4, LPDDR4X are affected by a vulnerability in their internal Target Row Refresh TRR mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips o...

9CVSS9.2AI score0.02889EPSS
Exploits1References3
Cvelist
Cvelist
•added 2021/11/03 5:20 p.m.•62 views

CVE-2021-23509 Prototype Pollution

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

5.6CVSS9.7AI score0.01769EPSS
Exploits1References5
Cvelist
Cvelist
•added 2021/10/04 6:5 p.m.•62 views

CVE-2021-41099 Integer overflow issue with strings in Redis

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

7.5CVSS8.5AI score0.03422EPSS
Exploits0References9
Cvelist
Cvelist
•added 2021/05/26 2:4 p.m.•62 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10AI score0.99999EPSS
Exploits13References3
Cvelist
Cvelist
•added 2021/04/05 6:27 p.m.•62 views

CVE-2021-24174 Database Backups <= 1.2.2.6 - CSRF to Backup Download

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

8.2AI score0.03218EPSS
Exploits5References2
Cvelist
Cvelist
•added 2021/03/23 1:50 a.m.•62 views

CVE-2021-21355 Unrestricted File Upload in Form Framework

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...

8.6CVSS8.9AI score0.01631EPSS
Exploits0References3
Cvelist
Cvelist
•added 2021/01/20 2:50 p.m.•62 views

CVE-2021-2007

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

3.7CVSS3.7AI score0.02272EPSS
Exploits0References5
Cvelist
Cvelist
•added 2020/12/23 3:6 p.m.•62 views

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

7.6AI score0.01421EPSS
Exploits2References4
Cvelist
Cvelist
•added 2020/07/20 6:0 p.m.•62 views

CVE-2020-15121 Command injection in Radare2

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

7.4CVSS9.3AI score0.01558EPSS
Exploits0References6
Cvelist
Cvelist
•added 2020/06/09 7:43 p.m.•62 views

CVE-2020-1238

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239...

8.8AI score0.06988EPSS
Exploits0References3
Cvelist
Cvelist
•added 2020/04/13 9:20 p.m.•62 views

CVE-2020-11738

The Snap Creek Duplicator plugin before 1.3.28 for WordPress and Duplicator Pro before 3.8.7.1 allows Directory Traversal via ../ in the file parameter to duplicatordownload or duplicatorinit...

7.5CVSS7.5AI score0.97822EPSS
Exploits11References5
Cvelist
Cvelist
•added 2020/03/18 4:33 p.m.•62 views

CVE-2019-19351

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera ...

7CVSS6.9AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
•added 2019/05/22 12:0 a.m.•62 views

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

6.2AI score0.02002EPSS
Exploits2References7
Cvelist
Cvelist
•added 2019/04/21 7:38 p.m.•62 views

CVE-2019-11416

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user...

8.8AI score0.0389EPSS
Exploits5References3
Cvelist
Cvelist
•added 2018/10/01 8:0 p.m.•62 views

CVE-2018-3982

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...

8.8CVSS7.7AI score0.0128EPSS
Exploits1References1
Cvelist
Cvelist
•added 2018/08/01 1:0 p.m.•62 views

CVE-2018-1999037

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource...

4.5AI score0.00761EPSS
Exploits0References1
Cvelist
Cvelist
•added 2018/07/18 1:0 p.m.•62 views

CVE-2018-3063

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.1AI score0.03213EPSS
Exploits0References11
Cvelist
Cvelist
•added 2018/01/22 8:0 p.m.•62 views

CVE-2018-5999

An issue was discovered in AsusWRT before 3.0.0.4.38410007. In the handlerequest function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails...

9.6AI score0.8715EPSS
Exploits10References5
Cvelist
Cvelist
•added 2018/01/18 2:0 a.m.•62 views

CVE-2018-2665

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.5AI score0.03952EPSS
Exploits0References15
Cvelist
Cvelist
•added 2018/01/18 2:0 a.m.•62 views

CVE-2018-2622

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5AI score0.03952EPSS
Exploits0References15
Cvelist
Cvelist
•added 2017/04/24 7:0 p.m.•62 views

CVE-2017-3309

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple...

7.4AI score0.03078EPSS
Exploits0References10
Cvelist
Cvelist
•added 2017/01/27 10:1 p.m.•62 views

CVE-2017-3312

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure...

6.4AI score0.00446EPSS
Exploits0References12
Cvelist
Cvelist
•added 2016/10/25 2:0 p.m.•62 views

CVE-2016-3492

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer...

5.7AI score0.06499EPSS
Exploits0References13
Cvelist
Cvelist
•added 2016/03/13 6:0 p.m.•62 views

CVE-2016-1979

Use-after-free vulnerability in the PK11ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services NSS before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data...

9.2AI score0.02171EPSS
Exploits0References23
Cvelist
Cvelist
•added 2015/10/14 1:0 a.m.•62 views

CVE-2015-2482

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted replace operation with a JavaScript regular expressio...

8.2AI score0.32285EPSS
Exploits3References6
Cvelist
Cvelist
•added 2015/07/16 10:0 a.m.•62 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : IS...

4.7AI score0.04079EPSS
Exploits0References15
Cvelist
Cvelist
•added 2015/07/16 10:0 a.m.•62 views

CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer...

4.9AI score0.06964EPSS
Exploits0References13
Cvelist
Cvelist
•added 2015/03/08 2:0 a.m.•62 views

CVE-2015-0228

The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...

8.9AI score0.18812EPSS
Exploits0References28
Cvelist
Cvelist
•added 2014/07/17 2:36 a.m.•62 views

CVE-2014-2494

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC...

6.2AI score0.03482EPSS
Exploits0References10
Cvelist
Cvelist
•added 2014/01/31 11:0 p.m.•62 views

CVE-2014-0001

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

7.3AI score0.06353EPSS
Exploits0References15
Cvelist
Cvelist
•added 2013/10/09 2:44 p.m.•62 views

CVE-2013-2098

...

Exploits0
Cvelist
Cvelist
•added 2013/09/13 6:0 p.m.•62 views

CVE-2013-4810

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

7.3AI score0.79003EPSS
Exploits5References7
Cvelist
Cvelist
•added 2013/09/13 6:0 p.m.•62 views

CVE-2013-4811

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code...

7.5AI score0.71293EPSS
Exploits6References4
Total number of security vulnerabilities5000