2548 matches found
USN-5502-1 openssl vulnerability
Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information...
Security Bulletin: A security vulnerability has been identified in Apache log4j versions 2.0 beta 9 - 2.14 (CVE-2021-44228) in IBM Maximo Scheduler Optimization
Summary: Apache log4j 2 library is used by IBM Maximo Scheduler Optimization (MSO). This bulletin provides remediation for the Apache log4j 2 vulnerability CVE-2021-44228 by performing the applicable steps to the MSO product. Vulnerability Details: CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j coul...
CVE-2022-32325
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c...
ZZCMS SQL Injection Vulnerability (CNVD-2022-58903)
zzcms Webmaster Merchants Content Management System, developed by the zzcms team, incorporates database optimization, content caching, AJAX and other technologies so that the site's security, stability, and load capacity are reliably guaranteed. The source code is open and the functional modules a...
MAL-2022-5662 Malicious code in react-optimization (npm)
Source: ghsa-malware (6b90d112d4cf18b4911d3ade2a096e55ec822a1fed4f5396dac601a658618bda). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MGASA-2022-0234 Updated php packages fix security vulnerability
CLI: Fixed bug 8575 (CLI closes standard streams too early). Core: Fixed Haiku ZTS builds. Date: Fixed bug 8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). php-fpm: Fixed bug 72185 (writes empty fcgi record causing nginx 502). Mysqlnd: Fixed...
GHSA-3PP4-64MP-9CG9 Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Affected versions of this crate maintain references to memory that might have been freed already. It affects the following two tremor-script language constructs: A Merge where we assign the result back to the target expression and the expression to be merged needs to reference the event: let sta...
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Affected versions of this crate maintain references to memory that might have been freed already. It affects the following two tremor-script language constructs: A Merge where we assign the result back to the target expression and the expression to be merged needs to reference the event: let sta...
Identifying Cloud Waste to Contain Unnecessary Costs
Cloud adoption has exploded over the past decade or so, and for good reason. Many digital transformation advancements – and even the complete reimagination of entire industries – can be directly mapped and attributed to cloud innovation. While this rapid pace of innovation has had a profound impa...
Amazon Linux 2 : microcode_ctl (ALAS-2022-1800)
The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1800 advisory. A flaw was found in hw. Processor optimization removal or modification of security-critical code for some Intel(R) processors may...
Be Proactive! Shift Security Validation Left
The "shifting security left" approach in the Software Development Life Cycle (SDLC) means starting security earlier in the process. As organizations realized that software never comes out perfectly and is riddled with many exploitable holes, bugs, and business logic vulnerabilities that require going back...
Creativeitem Academy-LMS Cross-Site Scripting Vulnerability
Creativeitem Academy-LMS is an online learning platform from Creativeitem, Inc. A cross-site scripting vulnerability exists in Creativeitem Academy-LMS v4.3, which stems from a lack of data validation filtering of user-supplied data and output in the SEO panel. An attacker could exploit this...
CVE-2022-0307
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2022-21151
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2022-21151
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...
Information disclosure
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...
NewStart CGSL MAIN 6.02 : sqlite Multiple Vulnerabilities (NS-SA-2022-0052)
The remote NewStart CGSL host, running version MAIN 6.02, has sqlite packages installed that are affected by multiple vulnerabilities: - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434) - In SQLite before 3.32.3, select.c mishandles query-flattener...
F5 Access for Android Information Disclosure Vulnerability
F5 Access is a US-based company that uses VPN and optimization technologies to protect and accelerate mobile device access to enterprise networks and applications. F5 Access for Android is vulnerable to an information disclosure vulnerability that could be exploited by attackers to gain access to...