CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1401 matches found

CNNVD•added 2022/01/24 12:0 a.m.•4 views

Moodle 跨站请求伪造漏洞

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site request forgery vulnerability exists in Moodle 3.11 through 3.11.4, 3.10 through 3.10.8, and 3.9 through 3.9.11, which ste...

8.8CVSS5.5AI score0.00607EPSS

Exploits0References5

OSV•added 2022/01/06 10:4 p.m.•2 views

GHSA-9HFG-PXR6-Q4VP Use of a Broken or Risky Cryptographic Algorithm in crypto2

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

9.8CVSS7.2AI score0.00753EPSS

Exploits0References5

Github Security Blog•added 2022/01/06 10:4 p.m.•25 views

Use of a Broken or Risky Cryptographic Algorithm in crypto2

9.8CVSS8.9AI score0.00753EPSS

Exploits0References5Affected Software1

Tenable Nessus•added 2022/01/06 12:0 a.m.•71 views

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerability (USN-5206-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5206-1 advisory. Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to...

4.4CVSS6.7AI score0.0052EPSS

Exploits1References2

NVD•added 2022/01/03 8:15 a.m.•13 views

CVE-2021-30275

Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and...

9.3CVSS0.00154EPSS

Exploits0References1

Prion•added 2022/01/03 8:15 a.m.•21 views

Integer overflow

7.2CVSS7.8AI score0.00154EPSS

Exploits0References1

Prion•added 2022/01/03 8:15 a.m.•23 views

Integer overflow

An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

4.6CVSS8.3AI score0.00172EPSS

Exploits0References1

CVE•added 2022/01/03 7:25 a.m.•55 views

CVE-2021-30275

The CVE-2021-30275 issue is an input validation and integer overflow vulnerability in Qualcomm’s closed‑source components across Snapdragon platforms (e.g., Snapdragon Auto/Compute/Connectivity and related SoCs). The root cause is a lack of address/size validation before the page alignment operat...

9.3CVSS7.8AI score0.00154EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/01/03 7:25 a.m.•18 views

CVE-2021-30275

9.3CVSS9.6AI score0.00154EPSS

Exploits0References1

Positive Technologies•added 2022/01/01 12:0 a.m.•6 views

PT-2025-8568

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A subtraction overflow bug has been resolved in the Linux kernel. The issue occurs when hole end is small enough to cause a subtraction overflow, or when addr + 2 min alignment overflows...

7.8CVSS6.7AI score0.00258EPSS

Exploits0

Qualys Blog•added 2021/12/13 8:42 p.m.•20 views

Developing a Repeatable and Sustainable Security Exploitable Risk Reporting Program

Introduction The key to creating a practical Reporting Philosophy is/are well-written vulnerability management policies, standards, and guidelines. These are often referred to as a Security, Governance, Risk, and Compliance SGRC program and a well-defined risk exception and acceptance RA program,...

6.9AI score

Exploits0

CNNVD•added 2021/12/06 12:0 a.m.•4 views

多款Qualcomm产品输入验证错误漏洞

Qualcomm QCA6574AU and others are products of Qualcomm Incorporated Qualcomm.QCA6574AU is a central processing unit CPU product.SDX24 is a modem.MDM9205 is a central processing unit CPU product. An input validation error vulnerability exists in multiple Qualcomm products. The vulnerability stems...

9.3CVSS7.3AI score0.00154EPSS

Exploits0References4

UbuntuCve•added 2021/11/26 12:0 a.m.•75 views

CVE-2021-4002

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data...

4.4CVSS6.8AI score0.0052EPSS

Exploits1References10

Positive Technologies•added 2021/11/25 12:0 a.m.•4 views

PT-2021-7327 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way a user maps some regions of memory twice using the shmget function, which are aligned to PUD...

9.8CVSS7AI score0.78684EPSS

Exploits238References1464

ATTACKERKB•added 2021/11/24 1:15 a.m.•4 views

CVE-2021-28707

PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have more memory assigne...

8.8CVSS5.5AI score0.00348EPSS

Exploits0References8Affected Software1

OSV•added 2021/11/24 1:15 a.m.•2 views

DEBIAN-CVE-2021-28707

8.8CVSS8AI score0.00348EPSS

Exploits0References1

NVD•added 2021/11/24 1:15 a.m.•18 views

CVE-2021-28704

8.8CVSS0.00328EPSS

Exploits0References5

OSV•added 2021/11/24 1:15 a.m.•4 views

ALPINE-CVE-2021-28707