CVE (Common Vulnerabilities And Exposures)
A dataset of cyber security threats and their significance from NIST
@kaggle.andrewkronser_cve_common_vulnerabilities_and_exposures
Cve
@kaggle.andrewkronser_cve_common_vulnerabilities_and_exposures.cve
- 10.49 MB
- 89660 rows
- 13 columns
unnamed_0Unnamed: 0 | mod_dateMod Date | pub_datePub Date | cvssCvss | cwe_codeCwe Code | cwe_nameCwe Name | summarySummary | access_authenticationAccess Authentication | access_complexityAccess Complexity | access_vectorAccess Vector | impact_availabilityImpact Availability | impact_confidentialityImpact Confidentiality | impact_integrityImpact Integrity |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2019-16548 | Thu Nov 21 2019 15:15:00 GMT+0000 (Coordinated Universal Time) | Thu Nov 21 2019 15:15:00 GMT+0000 (Coordinated Universal Time) | 6.8 | 352 | Cross-Site Request Forgery (CSRF) | A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | nan | nan | nan | nan | nan | nan |
| CVE-2019-16547 | Thu Nov 21 2019 15:15:00 GMT+0000 (Coordinated Universal Time) | Thu Nov 21 2019 15:15:00 GMT+0000 (Coordinated Universal Time) | 4 | 732 | Incorrect Permission Assignment for Critical Resource | Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment. | nan | nan | nan | nan | nan | nan |
| CVE-2019-16546 | Thu Nov 21 2019 15:15:00 GMT+0000 (Coordinated Universal Time) | Thu Nov 21 2019 15:15:00 GMT+0000 (Coordinated Universal Time) | 4.3 | 639 | Authorization Bypass Through User-Controlled Key | Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | nan | nan | nan | nan | nan | nan |
| CVE-2013-2092 | Wed Nov 20 2019 21:22:00 GMT+0000 (Coordinated Universal Time) | Wed Nov 20 2019 21:15:00 GMT+0000 (Coordinated Universal Time) | 4.3 | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. | nan | nan | nan | nan | nan | nan |
| CVE-2013-2091 | Wed Nov 20 2019 20:15:00 GMT+0000 (Coordinated Universal Time) | Wed Nov 20 2019 20:15:00 GMT+0000 (Coordinated Universal Time) | 7.5 | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. | nan | nan | nan | nan | nan | nan |
| CVE-2013-1817 | Wed Nov 20 2019 20:15:00 GMT+0000 (Coordinated Universal Time) | Wed Nov 20 2019 20:15:00 GMT+0000 (Coordinated Universal Time) | 5 | 200 | Information Exposure | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | nan | nan | nan | nan | nan | nan |
| CVE-2013-1816 | Wed Nov 20 2019 20:15:00 GMT+0000 (Coordinated Universal Time) | Wed Nov 20 2019 20:15:00 GMT+0000 (Coordinated Universal Time) | 5 | 20 | Improper Input Validation | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | nan | nan | nan | nan | nan | nan |
| CVE-2012-1257 | Wed Nov 20 2019 20:15:00 GMT+0000 (Coordinated Universal Time) | Wed Nov 20 2019 20:15:00 GMT+0000 (Coordinated Universal Time) | 2.1 | 319 | Cleartext Transmission of Sensitive Information | Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. | nan | nan | nan | nan | nan | nan |
| CVE-2011-4455 | Wed Nov 20 2019 20:10:00 GMT+0000 (Coordinated Universal Time) | Wed Nov 20 2019 19:15:00 GMT+0000 (Coordinated Universal Time) | 4.3 | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. | nan | nan | nan | nan | nan | nan |
| CVE-2011-4454 | Wed Nov 20 2019 20:10:00 GMT+0000 (Coordinated Universal Time) | Wed Nov 20 2019 19:15:00 GMT+0000 (Coordinated Universal Time) | 4.3 | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. | nan | nan | nan | nan | nan | nan |
CREATE TABLE cve (
"unnamed_0" VARCHAR,
"mod_date" TIMESTAMP,
"pub_date" TIMESTAMP,
"cvss" DOUBLE,
"cwe_code" BIGINT,
"cwe_name" VARCHAR,
"summary" VARCHAR,
"access_authentication" VARCHAR,
"access_complexity" VARCHAR,
"access_vector" VARCHAR,
"impact_availability" VARCHAR,
"impact_confidentiality" VARCHAR,
"impact_integrity" VARCHAR
);