SUSE CVE-2020-35508
A flaw involving a possible race condition and incorrect initialization of the process id was found in the Linux kernel's child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...
SUSE CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...
CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...
DEBIAN-CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...
VulnCheck KEV: CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR...
Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...
UBUNTU-CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...
CVE-2021-26368
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security vulnerability that arises from software that commonly accepts and passes resource handles between processes, whereby a compromised content process may confuse a...
The vulnerability of the Performance Manager component in the Google Chrome browser allows a hacker to execute code within the context of a privileged process using a specially created HTML page.
The vulnerability of the Performance Manager component in Google Chrome browser relates to the use of memory after it is released. Exploiting this vulnerability could allow an attacker to execute code within the context of a privileged process using a specially created HTML page...
The vulnerability of Google Chrome’s autonomous mode, related to the use of memory after it is freed, allows a hacker to execute code within the context of a privileged process.
The vulnerability of Google Chrome’s autonomous browser mode is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute code within the privileged process using a specially created HTML page...
CVE-2021-1027
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Input validation
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:3604-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3604-1 advisory. - An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The devi...
Google patches zero-day vulnerability, and others, in Android
Google has issued security patches for the Android Operating System. In total, the patches address 39 vulnerabilities. There are indications that one of the patched vulnerabilities may be under limited, targeted exploitation. The most severe of these issues is a critical security vulnerability in...
Google Android Elevation of Privilege Vulnerability (CNVD-2021-80275)
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handset Alliance (OHA). An elevation of privilege vulnerability exists in the Framework component of Google Android. An attacker could exploit this vulnerability to execute arbitrary code in the context of a...
CVE-2021-25490
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...