CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1873 matches found

Kaspersky•added 2020/05/12 12:0 a.m.•48 views

KLA11773 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of...

9.9CVSS10AI score0.52778EPSS

Exploits18References98

CNVD•added 2020/05/06 12:0 a.m.•1 views

SAE IT-systems FW-50 Remote Telemetry Unit Cross-Site Scripting Vulnerability

The SAE IT-systems FW-50 Remote Telemetry Unit is a remote terminal unit RTU from SAE IT-systems, Germany. A cross-site scripting vulnerability exists in the SAE IT-systems FW-50 Remote Telemetry Unit, which originates from the program failing to properly validate user input. A remote attacker...

6.1CVSS6.4AI score0.00687EPSS

Exploits0References1

Prion•added 2020/05/05 9:15 p.m.•14 views

Design/Logic Flaw

SAE IT-systems FW-50 Remote Telemetry Unit RTU. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users...

4.3CVSS6.8AI score0.00687EPSS

Exploits0References1

Prion•added 2020/05/05 9:15 p.m.•15 views

Design/Logic Flaw

SAE IT-systems FW-50 Remote Telemetry Unit RTU. A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible...

6.4CVSS9.1AI score0.01406EPSS

Exploits0References1

CVE•added 2020/05/05 8:8 p.m.•81 views

CVE-2020-10630

The CVE-2020-10630 entry concerns the SAE IT-systems FW-50 Remote Telemetry Unit (RTU). Technical details from connected sources specify an improper neutralization of input during web page generation (Cross-Site Scripting) in FW-50 RTU, affecting the web server component. Related materials also i...

6.1CVSS6.8AI score0.00687EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/05/05 8:8 p.m.•11 views

CVE-2020-10630

6.3AI score0.00687EPSS

Exploits0References1

Microsoft Secure•added 2020/05/01 10:4 p.m.•103 views

Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation

The latest round of MITRE ATT&CK evaluations proved yet again that Microsoft customers can trust they are fully protected even in the face of such an advanced attack as APT29. When looking at protection results out of the box, without configuration changes, Microsoft Threat Protection MTP: Provid...

7.2AI score

Exploits0

Trellix•added 2020/04/30 12:0 a.m.•13 views

Tales From the Trenches; a Lockbit Ransomware Story

ARCHIVED STORY Tales From the Trenches; a Lockbit Ransomware Story By ATR Operational Intelligence Team · APR 30, 2020 Co-authored by Marc RiveroLopez. In collaboration with Northwave As we highlighted previously across two blogs, targeted ransomware attacks have increased massively over the past...

8.1AI score

Exploits0

ThreatPost•added 2020/04/21 1:59 p.m.•24 views

Oil and Gas Firms Targeted With Agent Tesla Spyware

Attackers are targeting energy companies with the Agent Tesla spyware, as seen in recent spearphishing emails with malicious attachments. Researchers say that until now, Agent Tesla has not been associated with campaigns targeting the oil-and-gas vertical. The emails leverage the tumultuous natur...

0.1AI score

Exploits0References13

Microsoft KB•added 2020/04/20 12:0 a.m.•2 views

Description of the Office Web Apps Server update: April 9, 2013

Description of the Office Web Apps Server update: April 9, 2013 INTRODUCTION Microsoft has released an update for Microsoft Office Web Apps Server. This update provides the latest fixes for Office Web Apps Server. Additionally, this update contains stability and performance improvements. Issues...

6.4AI score

Exploits0

Microsoft KB•added 2020/04/20 12:0 a.m.•6 views

Description of the Office Web Apps Server 2013 update: April 9, 2013

Description of the Office Web Apps Server 2013 update: April 9, 2013 INTRODUCTION Microsoft has released an update for Microsoft Office Web Apps Server 2013. This update provides the latest fixes for Office Web Apps Server 2013. Additionally, this update contains stability and performance...

6.4AI score

Exploits0

Hacker One•added 2020/04/17 10:49 p.m.•11 views

Elastic: Remote Code Execution on Cloud via latest Kibana 7.6.2

Summary: A prototype pollution in Kibana can be used to gain remote code execution. Description: There is a prototype pollution bug in the upgrade assistant's telemetry collector, via a dangerous usage of .set:...

0.4AI score

Exploits0

CNVD•added 2020/04/16 12:0 a.m.•1 views

Microsoft Windows Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system.Connected User Experiences and Telemetry Service is one of the components that can...

7.8CVSS7.2AI score0.00738EPSS

Exploits0References1

CNVD•added 2020/04/16 12:0 a.m.•3 views

Microsoft Windows Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

7.8CVSS7.9AI score0.00996EPSS

Exploits0References1

CNVD•added 2020/04/16 12:0 a.m.•3 views

Microsoft Windows Connected User Experiences and Telemetry Service elevation of privilege vulnerability (CNVD-2020-32585)

7.1CVSS7.2AI score0.00737EPSS

Exploits0References1

OSV•added 2020/04/15 3:15 p.m.•1 views

CVE-2020-1029

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0942, CVE-2020-0944...

7.8CVSS7.1AI score0.00996EPSS

Exploits0References1