CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

714 matches found

The Hacker News•added 2018/07/09 2:57 p.m.•93 views

Stolen D-Link Certificate Used to Digitally Sign Spying Malware

Digitally signed malware has become much more common in recent years to mask malicious intentions. Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies, including D-Link, to sign their malware and making them look lik...

0.2AI score

Exploits0

Hacker One•added 2018/06/30 1:4 a.m.•22 views

Brave Software: Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass

Summary: Executable files downloaded through Brave don't have quarantine attribute. That means it's possible to launch any executable bypassing codesigning + quarantine. However, later I found that Brave has already tracked similar report but only in the context of .pkg files. Additionally, Brave...

0.8AI score

Exploits0

Prion•added 2018/06/29 3:29 p.m.•11 views

Input validation

Improper check of unusual conditions when launching msiexec.exe in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection...

4.6CVSS7.4AI score0.00029EPSS

Exploits0References1Affected Software3

NVD•added 2018/06/29 3:29 p.m.•9 views

CVE-2018-13013

7.8CVSS7.5AI score0.00029EPSS

Exploits0References1

OSV•added 2018/06/29 3:29 p.m.•1 views

CVE-2018-13013

7.8CVSS5.8AI score

Exploits0References1

Cvelist•added 2018/06/29 3:0 p.m.•9 views

CVE-2018-13013

7.5AI score0.00029EPSS

Exploits0References1

CVE•added 2018/06/29 3:0 p.m.•53 views

CVE-2018-13013

The CVE-2018-13013 entry affects SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite prior to 4.4.9. Root cause: improper check of unusual conditions when launching msiexec.exe via the SysWatch service, allowing a local attacker to...

7.8CVSS7.4AI score0.00029EPSS

Exploits0References1Affected Software3

myhack58•added 2018/06/23 12:0 a.m.•292 views

Apple's code signing vulnerability will allow malicious software to bypass the many Mac security products-vulnerability warning-the black bar safety net

Recently, from the security company Okta Rex research expert Josh Pitts in the macOS code signature mechanism found in a can take advantage of security vulnerabilities. This vulnerability lurks A A years, it allows an attacker inserts a malicious untrusted code masquerading as a trusted legal cod...

6.2AI score0.00224EPSS

Exploits6

Tenable Nessus•added 2018/06/22 12:0 a.m.•56 views

Facebook OSQuery Code Signing Bypass (macOS)

The installed version of Facebook OSQuery is less than 3.2.7 and is therefore vulnerable to allowing execution of malicious binaries due to accepting forged Apple signatures. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid110643; scriptversion"1.5";...

7.8CVSS7.9AI score0.00094EPSS

Exploits1References4

PyPA•added 2018/06/13 10:29 p.m.•5 views

PYSEC-2018-95

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

7.8CVSS7.2AI score0.00224EPSS

Exploits1References1Affected Software1

NVD•added 2018/06/13 10:29 p.m.•12 views

CVE-2018-10407

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicio...

5.5CVSS5.6AI score0.00089EPSS

Exploits0References1

NVD•added 2018/06/13 10:29 p.m.•13 views

CVE-2018-10408

An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned co...

7.8CVSS7.7AI score0.00224EPSS

Exploits1References1

Prion•added 2018/06/13 10:29 p.m.•22 views

Code injection

An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but...

6.8CVSS7.6AI score0.00078EPSS

Exploits1References1Affected Software1

OSV•added 2018/06/13 10:29 p.m.•14 views

CVE-2018-10406

7.8CVSS7.9AI score

Exploits0References1

NVD•added 2018/06/13 10:29 p.m.•10 views

CVE-2018-10406

7.8CVSS7.6AI score0.00224EPSS

Exploits1References1

NVD•added 2018/06/13 10:29 p.m.•12 views

CVE-2018-10403

An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but t...

7.8CVSS7.7AI score0.00224EPSS

Exploits1References1

NVD•added 2018/06/13 10:29 p.m.•12 views

CVE-2018-10405

7.8CVSS7.6AI score0.00078EPSS

Exploits1References1

Prion•added 2018/06/13 10:29 p.m.•14 views

Code injection

6.8CVSS7.6AI score0.00224EPSS

Exploits1References1Affected Software1

Prion•added 2018/06/13 10:29 p.m.•14 views

Code injection