CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2428 matches found

The Hacker News•added 2022/10/31 10:25 a.m.•42 views

Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting XSS bug that occurs when handlin...

1.6AI score

Exploits0

Japan Vulnerability Notes•added 2022/10/19 5:8 a.m.•2 views

Lemon8 App fails to restrict access permissions

Overview Lemon8 by ByteDance K.K. provides the function to access a requested URL using Custom URL Scheme/DeepLink. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Ryo Sato of BroadBand Security,Inc. reported this...

6.5CVSS6.6AI score0.00416EPSS

Exploits0References6

Hacker One•added 2022/10/18 6:36 p.m.•45 views

Nextcloud: CSRF vulnerability in Nextcloud Desktop Client 3.6.1 on Windows when clicking malicious link

Summary It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link. e.g. in an email, chat link, etc This vulnerability was introduced in an attempt to fix 1720043. The patch however can be bypassed and also introduced a CSRF vulnerability...

6.8CVSS8.7AI score0.00104EPSS

Exploits0

RedHat Linux•added 2022/10/04 4:2 p.m.•2 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5CVSS6.7AI score0.00487EPSS

Exploits1References5

OSV•added 2022/10/02 5:15 a.m.•37 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS7.5AI score

Exploits0References7

OSV•added 2022/10/02 5:15 a.m.•2 views

DEBIAN-CVE-2022-42003

7.5CVSS6.5AI score0.00317EPSS

Exploits2References1

UbuntuCve•added 2022/10/02 5:15 a.m.•50 views

CVE-2022-42003

7.5CVSS6.8AI score0.00317EPSS

Exploits2References5

ATTACKERKB•added 2022/10/02 5:15 a.m.•1 views

CVE-2022-42003

7.5CVSS6.7AI score0.00317EPSS

Exploits2References8

Positive Technologies•added 2022/10/02 12:0 a.m.•6 views

PT-2022-6920 · Atlassian +4 · Bitbucket Data Center/Server +9

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.4.0-rc1 through 2.12.7.1 FasterXML jackson-databind versions 2.13.x through 2.13.4.1 Bamboo Data Center and Server versions 9.1.0 through 9.2.4 Bamboo Data Center and Server versions 9.3.0 through 9.3.2...

9.8CVSS6.5AI score0.62015EPSS

Exploits26References203

OSV•added 2022/09/28 9:15 p.m.•1 views

CVE-2022-40708

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code o...

3.3CVSS5.8AI score0.00239EPSS

Exploits0References2

ATTACKERKB•added 2022/09/28 9:15 p.m.•0 views

CVE-2022-40709

3.3CVSS5.8AI score0.00239EPSS

Exploits0References3Affected Software1

OSV•added 2022/09/28 9:15 p.m.•1 views

CVE-2022-40710

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS6AI score0.00172EPSS

Exploits0References2