5578 matches found

Cvelist
added 2019/12/13 1:05 a.m. · 16 views

CVE-2019-19777

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main...

8.9 AI score · 0.01404 EPSS
Exploits 1 · References 1
Positive Technologies
added 2019/12/13 12:00 a.m. · 2 views

PT-2019-15952 · Stb +1 · Stb Image.H +1

Name of the Vulnerable Software and Affected Versions: stb_image.h (aka the stb image loader) version 2.23. Description: The issue is a heap-based buffer over-read in the stbi__load_main function. This problem affects products that use the stb image loader, including libsixel. Recommendations: For...

9.8 CVSS · 5.7 AI score · 0.01501 EPSS
Exploits 21 · References 60
Qualys Blog
added 2019/12/12 12:49 a.m. · 261 views

OpenBSD Local Privilege Escalation Vulnerability (CVE-2019-19726)

Qualys Research Labs discovered a local privilege escalation vulnerability in OpenBSD's dynamic loader. The vulnerability could allow local users or malicious software to gain full root privileges. OpenBSD developers have confirmed the vulnerability and released security patches in less than 3...

7.5 CVSS · 1.4 AI score · 0.03522 EPSS
Exploits 14
Packet Storm
added 2019/12/12 12:00 a.m. · 258 views

Qualys Security Advisory - OpenBSD Dynamic Loader Privilege Escalation

Qualys Security Advisory: Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726). Contents: Summary, Analysis, Demonstration...

0.5 AI score · 0.03522 EPSS
Exploits 12
The Hacker News
added 2019/12/11 4:02 p.m. · 4 views

New Zeppelin Ransomware Targeting Tech and Health Companies

A new variant of the Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan,...

6 AI score
Exploits 0
Positive Technologies
added 2019/12/10 12:00 a.m. · 3 views

PT-2020-5627 · Qemu +6 · Qemu +6

Name of the Vulnerable Software and Affected Versions: QEMU versions 4.0 through 4.1.0. Description: The issue is related to the rom_copy function in hw/core/loader.c, which does not properly validate the relationship between two addresses. This allows attackers to trigger an invalid memory copy...

8.6 CVSS · 6.5 AI score · 0.07393 EPSS
Exploits 6 · References 238
Veracode
added 2019/12/05 7:43 a.m. · 40 views

Remote Code Execution (RCE)

solr-velocity is vulnerable to remote code execution (RCE). The vulnerability can be caused by loading custom Velocity templates containing malicious code, since the Solr resource loader in VelocityResponseWriter.java was on by default...

7.5 CVSS · 2.7 AI score · 0.98567 EPSS
Exploits 12 · References 57 · Affected Software 1
OSV
added 2019/12/05 12:15 a.m. · 2 views

CVE-2019-19520

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

7.8 CVSS · 7.3 AI score · 0.01358 EPSS
Exploits 3 · References 7
Prion
added 2019/12/05 12:15 a.m. · 26 views

Design/Logic Flaw

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

4.6 CVSS · 7.6 AI score · 0.01358 EPSS
Exploits 3 · References 7 · Affected Software 1
CNVD
added 2019/12/05 12:00 a.m. · 5 views

OpenBSD has an unspecified vulnerability (CNVD-2019-44735)

OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD project team. A security vulnerability exists in xlock in OpenBSD version 6.6, which stems from the xenocara/lib/mesa/src/loader/loader.c file not handling dlopen correctly. A local attacker can exploit thi...

7.8 CVSS · 6.6 AI score · 0.01358 EPSS
Exploits 3 · References 1
CVE
added 2019/12/04 11:34 p.m. · 84 views

CVE-2019-19520

OpenBSD 6.6 is affected by CVE-2019-19520 (xlock) where local attackers can escalate to the auth group by manipulating LIBGL_DRIVERS_PATH. Root cause: xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. Impact, per sources, is local privilege escalation; OpenBSD patches exist via syspatch/Op...

7.8 CVSS · 8.1 AI score · 0.01358 EPSS
Exploits 3 · References 7 · Affected Software 1
ThreatPost
added 2019/12/04 6:32 p.m. · 54 views

‘Highly Competitive’ Buer Loader Emerges in Underground Markets

A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the “highly competitive” loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution. Researchers say they have spotted the load...

7.3 AI score
Exploits 0 · References 16
BDU FSTEC
added 2019/11/25 12:00 a.m. · 7 views

The vulnerability of the image loading module in the software suite for creating 3D computer graphics in Blender arises from a numerical overflow condition. This allows an attacker to execute arbitrary code.

The vulnerability of the image loading module in Blender’s 3D computer graphics software is caused by a numerical overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious .blend file...

7.8 CVSS · 7.9 AI score · 0.0265 EPSS
Exploits 1 · References 6 · Affected Software 2
BDU FSTEC
added 2019/11/25 12:00 a.m. · 2 views

The vulnerability of Microprogramming Software: Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Dynamic Application Loader (DAL) is related to authentication errors, allowing attackers to escalate their privileges.

The vulnerabilities of Microprogramming Software: Intel Converged Security and Manageability Engine CSME, Intel Trusted Execution Engine TXE, and Intel Dynamic Application Loader DAL are related to authentication errors. Exploiting these vulnerabilities can allow attackers to enhance their...

4.1 CVSS · 7 AI score · 0.00366 EPSS
Exploits 0 · References 2 · Affected Software 2
BDU FSTEC
added 2019/11/25 12:00 a.m. · 3 views

The vulnerability of Microprogramming Software: Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Dynamic Application Loader (DAL) arises from insufficient validation of input data, allowing attackers to disclose protected information.

The vulnerability of Microprogramming Software: Intel Converged Security and Manageability Engine CSME, Intel Trusted Execution Engine TXE, and Intel Dynamic Application Loader DAL is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to disclose...

4.1 CVSS · 6.5 AI score · 0.00346 EPSS
Exploits 0 · References 2 · Affected Software 3
BDU FSTEC
added 2019/11/25 12:00 a.m. · 3 views

The vulnerability of Microprogramming Software: Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Dynamic Application Loader (DAL) arises from insufficient session verification, allowing attackers to exploit their privileges.

The vulnerability of the Intel Active Management Technology AMT implementation of the Intel Converged Security and Manageability Engine CSME software is related to insufficient session verification. Exploiting this vulnerability can allow attackers to enhance their privileges...

4.6 CVSS · 6.9 AI score · 0.00335 EPSS
Exploits 0 · References 2 · Affected Software 2
UbuntuCve
added 2019/11/12 2:15 p.m. · 30 views

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw...

9.8 CVSS · 7.4 AI score · 0.01944 EPSS
Exploits 1 · References 2
Prion
added 2019/11/12 2:15 p.m. · 20 views

Buffer overflow

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw...

7.5 CVSS · 7.5 AI score · 0.01944 EPSS
Exploits 1 · References 3 · Affected Software 3
Cvelist
added 2019/11/12 1:37 p.m. · 22 views

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw...

9.7 AI score · 0.01944 EPSS
Exploits 1 · References 3
Debian CVE
added 2019/11/12 1:37 p.m. · 24 views

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw...

9.8 CVSS · 9.8 AI score · 0.01944 EPSS
Exploits 1