Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

125 matches found

Prion
Prionadded 2018/03/19 9:29 p.m.15 views

Integer overflow

Multiple integer overflows in TrueCrypt 7.1a allow local users to 1 obtain sensitive information via vectors involving a crafted item-OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or 2 cause a denial of service memory consumption via vectors involving large...

3.6CVSS6.9AI score0.0004EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2018/03/19 9:0 p.m.7 views

CVE-2014-2884

The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a 1 TCIOCTLOPENTEST or 2 TCIOCTLGETSYSTEMDRIVECONFIG IOCTL call...

3.8AI score0.00035EPSS
Exploits0References2
Cvelist
Cvelistadded 2018/03/19 9:0 p.m.9 views

CVE-2014-2885

Multiple integer overflows in TrueCrypt 7.1a allow local users to 1 obtain sensitive information via vectors involving a crafted item-OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or 2 cause a denial of service memory consumption via vectors involving large...

6.7AI score0.0004EPSS
Exploits0References2
CVE
CVEadded 2018/03/19 9:0 p.m.42 views

CVE-2014-2884

CVE-2014-2884 concerns TrueCrypt 7.1a. The vulnerability is in the Ntdriver.c function ProcessVolumeDeviceControlIrp, where local users can bypass access restrictions and obtain sensitive information about arbitrary files through two IOCTL calls: TC_IOCTL_OPEN_TEST and TC_IOCTL_GET_SYSTEM_DRIVE_C...

3.3CVSS4AI score0.00035EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2018/03/19 9:0 p.m.38 views

CVE-2014-2885

Concrete details from connected documents show that CVE-2014-2885 affects TrueCrypt 7.1a via two integer-overflow vectors: (1) OriginalLength handling in EncryptedIoQueue.c:MainThreadProc, enabling local information disclosure; (2) large StartingOffset/Length handling in Ntdriver.c:ProcessVolumeD...

7.1CVSS6.6AI score0.0004EPSS
Exploits0References2Affected Software1
n0where
n0whereadded 2017/11/28 5:0 a.m.28 views

Linux Memory Cryptographic Keys Extractor: CryKeX

Some work has been already published regarding the subject of cryptograhic keys security within DRAM. Basically, we need to find something that looks like a key entropic and specific length and then confirm its nature by analyzing the memory structure around it C data types. The idea is to dump...

0.6AI score
Exploits0References2
Kitploit
Kitploitadded 2017/11/08 9:37 p.m.18 views

Parrot Security 3.9 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...

7.3AI score
Exploits0
NVD
NVDadded 2017/10/03 1:29 a.m.11 views

CVE-2015-7359

The 1 IsVolumeAccessibleByCurrentUser and 2 MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level an...

7.8CVSS7.7AI score0.00188EPSS
Exploits0References5
Prion
Prionadded 2017/10/03 1:29 a.m.35 views

Code injection

The 1 IsVolumeAccessibleByCurrentUser and 2 MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level an...

4.6CVSS7.1AI score0.00188EPSS
Exploits0References5Affected Software3
NVD
NVDadded 2017/10/03 1:29 a.m.11 views

CVE-2015-7358

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges...

7.8CVSS7.7AI score0.01152EPSS
Exploits1References6
Cvelist
Cvelistadded 2017/10/02 7:0 p.m.12 views

CVE-2015-7359

The 1 IsVolumeAccessibleByCurrentUser and 2 MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level an...

7.7AI score0.00188EPSS
Exploits0References5
CVE
CVEadded 2017/10/02 7:0 p.m.84 views

CVE-2015-7358

CVE-2015-7358 affects TrueCrypt 7.0, VeraCrypt (before 1.15), and CipherShed; the IsDriveLetterAvailable check in the Windows driver (Driver/Ntdriver.c) fails to validate drive-letter symbolic links, enabling a local attacker to remap a system drive and gain full privileges via the GLOBAL?? entry...

7.8CVSS7.6AI score0.01152EPSS
Exploits1References6Affected Software3
CVE
CVEadded 2017/10/02 7:0 p.m.42 views

CVE-2015-7359

CVE-2015-7359 concerns the Windows kernel driver in TrueCrypt 7.0, VeraCrypt (before 1.15), and CipherShed. The flaw: IsVolumeAccessibleByCurrentUser and MountDevice do not validate the impersonation level of tokens, allowing local users to impersonate a user at SecurityIdentify level and access ...

7.8CVSS7.6AI score0.00188EPSS
Exploits0References5Affected Software3
Cvelist
Cvelistadded 2017/10/02 7:0 p.m.12 views

CVE-2015-7358

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges...

7.7AI score0.01152EPSS
Exploits1References6
Kitploit
Kitploitadded 2017/04/21 9:57 p.m.24 views

Truehunter - Tool to detect TrueCrypt containers

The goal of Truehunter is to detect TrueCrypt containers using a fast and memory efficient approach. It was designed as a PoC some time ago as I couldn't find any open source tool with the same functionality. Installation Just use with Python 2.7, it does not need any additional libraries. usage:...

7.3AI score
Exploits0References1
NVD
NVDadded 2017/01/23 9:59 p.m.11 views

CVE-2016-1281

Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application...

7.8CVSS7.8AI score0.00243EPSS
Exploits1References2
OSV
OSVadded 2017/01/23 9:59 p.m.16 views

CVE-2016-1281

Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application...

7.8CVSS7.6AI score
Exploits0References2
Prion
Prionadded 2017/01/23 9:59 p.m.85 views

Design/Logic Flaw

Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application...

4.4CVSS7.8AI score0.00243EPSS
Exploits1References2Affected Software2
Cvelist
Cvelistadded 2017/01/23 9:0 p.m.12 views

CVE-2016-1281

Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application...

7.8AI score0.00243EPSS
Exploits1References2
CVE
CVEadded 2017/01/23 9:0 p.m.41 views

CVE-2016-1281

The CVE-2016-1281 entry describes an untrusted search path/DLL hijacking vulnerability in installers for TrueCrypt 7.2 and 7.1a , and VeraCrypt before 1.17-BETA (and possibly other products). The issue allows local users to execute arbitrary code with administrator privileges by placing a Trojan ...

7.8CVSS7.8AI score0.00243EPSS
Exploits1References2Affected Software2
Rows per page
Query Builder