Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

567 matches found

Prion
Prionadded 2019/01/03 10:29 p.m.13 views

Buffer overflow

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud serve...

9.3CVSS8.5AI score0.03509EPSS
Exploits1References1
CNVD
CNVDadded 2018/12/19 12:0 a.m.4 views

Webroot BrightCloud SDK Buffer Overflow Vulnerability

Webroot BrightCloud SDK is a set of SDKs Software Development Kits from Webroot, Inc. for detecting website security. A buffer overflow vulnerability exists in the HTTP header parsing function in the Webroot BrightCloud SDK, which stems from the 'bchttpreadheader' function failing to correctly...

9.3CVSS8.2AI score0.03509EPSS
Exploits1References1
CNVD
CNVDadded 2018/12/19 12:0 a.m.2 views

Webroot BrightCloud SDK Information Disclosure Vulnerability

Webroot BrightCloud SDK is a set of SDKs Software Development Kits from Webroot, Inc. for detecting website security. A security vulnerability exists in the HTTP client functionality in the Webroot BrightCloud SDK, which stems from the client configuration failing to make a secure connection by...

8.1CVSS6.8AI score0.00195EPSS
Exploits0References1
NVD
NVDadded 2018/12/18 2:29 p.m.16 views

CVE-2018-4015

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server...

8.1CVSS8AI score0.00195EPSS
Exploits0References1
Prion
Prionadded 2018/12/18 2:29 p.m.9 views

Design/Logic Flaw

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server...

6.8CVSS7.9AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelistadded 2018/12/18 2:0 p.m.19 views

CVE-2018-4015

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server...

8.1CVSS8AI score0.00195EPSS
Exploits0References1
CVE
CVEadded 2018/12/18 2:0 p.m.58 views

CVE-2018-4015

CVE-2018-4015 affects the Webroot BrightCloud SDK used in CUJO Smart Firewall. The root cause is that the HTTP client defaults to HTTP and does not enforce secure TLS verification, enabling a man-in-the-middle to impersonate BrightCloud servers and potentially expose credentials, alter queries, o...

8.1CVSS7.9AI score0.00195EPSS
Exploits0References1Affected Software1
Talos
Talosadded 2018/12/17 12:0 a.m.80 views

Webroot BrightCloud SDK HTTP headers-parsing code execution vulnerability

Summary An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightClo...

9.3CVSS8.6AI score0.03509EPSS
Exploits1
Talos
Talosadded 2018/12/17 12:0 a.m.106 views

Webroot BrightCloud SDK HTTP connection unsafe defaults vulnerability

Summary An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightClou...

8.1CVSS8.4AI score0.00195EPSS
Exploits0
OSV
OSVadded 2018/09/12 8:29 p.m.3 views

CVE-2018-16962

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges...

7.8CVSS5.8AI score0.00127EPSS
Exploits1References3
NVD
NVDadded 2018/09/12 8:29 p.m.17 views

CVE-2018-16962

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges...

7.8CVSS7.5AI score0.00127EPSS
Exploits1References3
Prion
Prionadded 2018/09/12 8:29 p.m.12 views

Design/Logic Flaw

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges...

7.2CVSS7.4AI score0.00127EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2018/09/12 8:0 p.m.496 views

CVE-2018-16962

CVE-2018-16962 affects Webroot SecureAnywhere on macOS prior to 9.0.8.34. The vulnerability arises from mishandling access to the product’s driver by a process that does not have root privileges, indicating a local privilege escalation risk through kernel-level access control weakness. Affected v...

7.8CVSS7.4AI score0.00127EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2018/09/12 8:0 p.m.18 views

CVE-2018-16962

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges...

7.5AI score0.00127EPSS
Exploits1References1
OSV
OSVadded 2018/05/18 6:29 p.m.14 views

CVE-2018-11245

app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes...

6.1CVSS6.1AI score
Exploits0References2
NVD
NVDadded 2017/11/13 4:29 p.m.13 views

CVE-2017-16802

In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added...

5.4CVSS5.2AI score0.00191EPSS
Exploits0References1
Prion
Prionadded 2017/11/13 4:29 p.m.12 views

Design/Logic Flaw

In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added...

3.5CVSS5.1AI score0.00191EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2017/11/08 5:29 a.m.1 views

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

9CVSS6AI score0.02642EPSS
Exploits1References2
NVD
NVDadded 2017/10/10 6:29 p.m.14 views

CVE-2017-15216

MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js...

6.1CVSS6AI score0.00266EPSS
Exploits0References2
Cvelist
Cvelistadded 2017/10/10 6:0 p.m.19 views

CVE-2017-15216

MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js...

6AI score0.00266EPSS
Exploits0References2
Rows per page
Query Builder