7039 matches found
When Endpoint Detection and Response (EDR) is not enough
As cybercriminals continue to validate the reality that no prevention-based security control is going to stop every threat every time, companies are expanding beyond prevention-only approaches and closing the gap with endpoint detection and response solutions. But as we consider this strategy, on...
How to Start a Career in Cybersecurity: All You Need to Know
Cybersecurity is one of the most dynamic and exciting fields in tech, combining cutting-edge information technology with crime fighting. It's also an industry in serious need of qualified professionals. Estimates show that there are over one million unfilled cybersecurity jobs. The U.S. Bureau of...
Fileless malware: part deux
In part one of this series, we focused on an introduction to the concept of fileless malware, providing examples of the problems that we in the security industry face when dealing with these types of attacks. In part two, I will be walking through a few demonstrations of fileless malware attacks th...
[SECURITY] Fedora 28 Update: moodle-3.4.5-1.fc28
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
[SECURITY] Fedora 29 Update: moodle-3.5.2-1.fc29
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
[SECURITY] Fedora 27 Update: moodle-3.3.8-1.fc27
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
AppfW blocking and not logging, with PostBodyLimit set to >1GB
When we apply an appfirewall profile only in log and learning mode. After applying, some pages become unavailable but there are no logs. Appfw blocking but no logs, when we enable application/x-www-form-urlencoded option in the appfw security...
Elastic X-Pack Machine Learning Cross-Site Scripting Vulnerability
Elastic X-Pack is an extension of the Elastic Stack log analytics system from Elasticsearch in the Netherlands. X-Pack Machine Learning is one of the machine learning components. A cross-site scripting vulnerability in Elastic X-Pack Machine Learning versions prior to 6.2.4 and prior to 5.6.9 can ...
CVE-2018-3823
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructiv...
CVE-2018-3824
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive...
Cross site scripting
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructiv...
Cross site scripting
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive...
CVE-2018-3824
CVE-2018-3824 affects Elastic X-Pack Machine Learning in Elasticsearch/Kibana prior to 6.2.4 and 5.6.9. An attacker who can inject data into an index with a running ML job can cause a cross-site scripting (XSS) payload to execute when a user views ML results, potentially exposing cookies or allow...
CVE-2018-3823
CVE-2018-3823 affects Elastic X-Pack Machine Learning in Kibana/Elasticsearch prior to versions 6.2.4 and 5.6.9. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied input in ML job configurations; users with manage_ml permissions could embed malic...
PT-2018-16217 · Elastic · X-Pack Machine Learning
Name of the Vulnerable Software and Affected Versions: Elasticsearch X-Pack Machine Learning versions prior to 6.2.4; Elasticsearch X-Pack Machine Learning versions prior to 5.6.9. Description: A cross-site scripting issue was found, allowing users with manage_ml permissions to create jobs with...
Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference
Title: MULTIPLE IDOR VULNERABILITIES ON WISETAIL LEARNING ECOSYSTEM LE UP TO V4.11.6 Date: 12/09/2019 Author: S. M. Zia Ur Rashid Vendor Homepage: wisetail.com Author Contact: https://www.linkedin.com/in/ziaurrashid/ Affected Version: = 4.11.6 Assigned CVE: CVE-2018-16970, CVE-2018-16971...
CVE-2018-16971
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents quiz / test via a modified id parameter...