Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (85 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-1000805 4 Canonical, Debian, Paramiko and 1 more 15 Ubuntu Linux, Debian Linux, Paramiko and 12 more 2024-11-21 8.8 High
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
CVE-2018-1000001 3 Canonical, Gnu, Redhat 10 Ubuntu Linux, Glibc, Enterprise Linux and 7 more 2024-11-21 N/A
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2017-7536 1 Redhat 9 Enterprise Linux, Hibernate Validator, Jboss Amq and 6 more 2024-11-21 7.0 High
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
CVE-2017-7525 5 Debian, Fasterxml, Netapp and 2 more 30 Debian Linux, Jackson-databind, Oncommand Balance and 27 more 2024-11-21 9.8 Critical
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
CVE-2016-2124 5 Canonical, Debian, Fedoraproject and 2 more 26 Ubuntu Linux, Debian Linux, Fedora and 23 more 2024-11-21 5.9 Medium
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.