CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Carbon Black Blog•added 2018/02/13 7:30 p.m.•13 views

Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform

6.6AI score

Carbon Black Blog•added 2018/01/25 8:27 p.m.•103 views

Carbon Black Named a Visionary in Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms

For the second consecutive year, Carbon Black has been named a “Visionary” in Gartner’s Magic Quadrant for Endpoint Protection Platforms. For this year’s edition of the MQ, Gartner evaluated Cb Defense, our flagship solution built on the Cb Predictive Security Cloud ™ PSC. Our vision for the PSC ...

7AI score

Carbon Black Blog•added 2018/01/18 6:0 p.m.•21 views

Excerpts from Preparing for NGAV at Scale: Easy Operation at Enterprise Scale

Carbon Black recently published a guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV; this is the last excerpt from that guide, which you can find here. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps...

7.1AI score

Trend Micro Simply Security•added 2018/01/04 1:22 p.m.•32 views

Fixing the Meltdown and Spectre vulnerabilities

Two days ago, Graz University of Technology published a paper describing a pair of attacks on common microprocessors. The underlying vulnerability affects Intel, AMD, and ARM processors. All contemporary microprocessors pre-execute instructions. In other words, the vulnerability bypasses address...

6.3AI score

ThreatPost•added 2017/12/05 12:27 p.m.•17 views

Developers Targeted in ‘ParseDroid’ PoC Attack

Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was...

1AI score

Exploits0References1

ThreatPost•added 2017/11/22 12:40 a.m.•28 views

Uber Reveals 2016 Breach of 57 Million User Accounts

Ride-hailing service Uber Technologies revealed Tuesday that the company suffered a breach of 57 million Uber user accounts in 2016. According to reports, Uber then attempted to cover up the incident by paying $100,000 to attackers to keep the hack a secret and delete the data. Dara Khosrowshahi,...

6.9AI score

Exploits0References5

NVD•added 2017/11/16 7:29 a.m.•10 views

CVE-2017-12290

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...

NVD•added 2017/11/16 7:29 a.m.•18 views

CVE-2017-12322

Prion•added 2017/11/16 7:29 a.m.•11 views

Cross site scripting

4.3CVSS6.2AI score0.00164EPSS

Prion•added 2017/11/16 7:29 a.m.•12 views

Cross site scripting

4.3CVSS6.2AI score0.00164EPSS

NVD•added 2017/11/16 7:29 a.m.•11 views

CVE-2017-12291

NVD•added 2017/11/16 7:29 a.m.•6 views

CVE-2017-12320

Cvelist•added 2017/11/16 7:0 a.m.•8 views

CVE-2017-12320

6.2AI score0.00164EPSS

CVE•added 2017/11/16 7:0 a.m.•42 views

CVE-2017-12290

CVE-2017-12290 affects Cisco Registered Envelope Service web interface. The issue involves multiple XSS and URL-redirect vulnerabilities due to insufficient input validation, allowing unauthenticated, remote attackers to execute arbitrary script code or steal browser-based information by luring u...

Cvelist•added 2017/11/16 7:0 a.m.•10 views

CVE-2017-12291

6.2AI score0.00164EPSS

CVE•added 2017/11/16 7:0 a.m.•44 views

CVE-2017-12291

The CVE-2017-12291 issue affects Cisco’s Cloud-based Cisco Registered Envelope Service web interface. The vulnerability set stems from insufficient validation of user-supplied input in the web-based management UI, enabling an unauthenticated, remote attacker to perform cross-site scripting (XSS) ...

Cvelist•added 2017/11/16 7:0 a.m.•12 views

CVE-2017-12321

6.2AI score0.00164EPSS

CVE•added 2017/11/16 7:0 a.m.•42 views

CVE-2017-12292

Cisco Registered Envelope Service (cloud-based) web interface contains multiple cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user via a malicious link or crafted HTTP request to execute arbitrary...

CVE•added 2017/11/16 7:0 a.m.•39 views

CVE-2017-12320

Cisco Registered Envelope Service (web interface) contains multiple XSS vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link or send a request to execute arbitrary script in the user’s browser or access browser-based...