175 matches found

UbuntuCve
added 2024/09/04 10:15 p.m. | 15 views

CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 6.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 4

OSV
added 2024/09/04 10:15 p.m. | 0 views

UBUNTU-CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 6.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2024/09/04 9:28 p.m. | 19 views

CVE-2024-20506 ClamAV Privilege Handling Escalation Vulnerability

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 6.6 AI score | 0.00036 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/09/04 9:28 p.m. | 20 views

CVE-2024-20506 ClamAV Privilege Handling Escalation Vulnerability

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 0.00036 EPSS
Exploits: 0 | References: 1

Debian CVE
added 2024/09/04 9:28 p.m. | 12 views

CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt...

6.1 CVSS | 6.1 AI score | 0.00036 EPSS
Exploits: 0

CVE
added 2024/09/04 9:28 p.m. | 313 views

CVE-2024-20506

CVE-2024-20506 affects ClamAV ClamD logging: an authenticated local attacker could cause corruption of privileged system files by replacing the ClamD log with a symlink and restarting clamd. Reports cover multiple branches and versions (e.g., 1.4.0, 1.3.2 and older 1.2.x, 1.0.6 and older; 0.x lin...

6.1 CVSS | 6.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/08/27 1:15 p.m. | 1 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

8.8 CVSS | 5.8 AI score | 0.00652 EPSS
Exploits: 0 | References: 1

CVE
added 2024/07/24 12:0 a.m. | 124 views

CVE-2024-40422

CVE-2024-40422 concerns path traversal in the Devika v1 snapshot API. Affected: stitionai devika version v1, endpoint /api/get-browser-snapshot. Root cause: manipulation of the snapshot_path parameter lets an attacker traverse directories and access sensitive server files, enabling confidentialit...

9.1 CVSS | 6.4 AI score | 0.9057 EPSS
Exploits: 6 | References: 4 | Affected Software: 1

NVD
added 2024/05/15 5:15 p.m. | 7 views

CVE-2023-5938

Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files...

8.9 CVSS | 8.1 AI score | 0.00452 EPSS
Exploits: 0 | References: 1

CVE
added 2024/04/30 12:0 a.m. | 49 views

CVE-2023-50915

CVE-2023-50915 affects GOG Galaxy (Beta) 2.0.67.2–2.0.71.2. The issue exists in GalaxyClientService.exe and could allow an authenticated user to overwrite and corrupt critical system files by abusing a combination of an NTFS Junction and an RPC Object Manager symbolic link, potentially leading to...

6.5 CVSS | 6.6 AI score | 0.00207 EPSS
Exploits: 1 | References: 3

Qualys Blog
added 2024/04/15 5:37 p.m. | 23 views

Navigating the EU NIS2 Directive

How Qualys Cybersecurity Solutions Ensure Compliance The European Union’s revised Network and Information Security NIS2 Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple with...

7.6 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/27 12:15 p.m. | 31 views

Evil Ant The Python-Powered Ransomware

Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...

7.5 AI score
Exploits: 0

Prion
added 2023/10/25 6:17 p.m. | 16 views

Design/Logic Flaw

The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...

4.3 CVSS | 7.4 AI score | 0.0006 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2023/10/25 12:0 a.m. | 2 views

PT-2023-28842 · Google · Android Debug Bridge +1

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue allows a low-privileged application to modify a critical system property, enabling the exposure of the Android Debug Bridge ADB protocol on the network. This can be exploited to...

7.9 CVSS | 7.4 AI score | 0.0006 EPSS
Exploits: 0 | References: 2

NVD
added 2023/09/25 8:15 p.m. | 14 views

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...

7.5 CVSS | 7.5 AI score | 0.00266 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2023/09/25 8:15 p.m. | 26 views

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...

7.5 CVSS | 7.1 AI score | 0.00266 EPSS
Exploits: 0 | References: 4

Cvelist
added 2023/09/25 7:20 p.m. | 17 views

CVE-2022-4244 Codehaus-plexus: directory traversal

A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...

7.5 CVSS | 7.7 AI score | 0.00266 EPSS
Exploits: 0 | References: 4

Code423n4
added 2023/09/14 12:0 a.m. | 11 views

Malicious RestrictionManager can be used to verify Tranche Members

Lines of code Vulnerability details The ability to file a new Restriction Manager after deployment can actually be utilized by a rogue ward and deploy a malicious version of the RestrictionManager that implements almost the same thing as the originals, but just tweaked to return the SUCCESSMESSAGE...

7.2 AI score
Exploits: 0

NVD
added 2023/07/18 6:15 p.m. | 10 views

CVE-2020-22159

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

8.8 CVSS | 0.00177 EPSS
Exploits: 1 | References: 2

Prion
added 2023/07/18 6:15 p.m. | 11 views

Design/Logic Flaw

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...

6.5 CVSS | 8.6 AI score | 0.00177 EPSS
Exploits: 1 | References: 2 | Affected Software: 3