Lucene search

4441 matches found

OSV
added 2022/10/04 2:29 a.m. · 9 views

MAL-2022-7091 Malicious code in webcm-dev (npm)

Source: ghsa-malware (955551845e6b60e5f365bfcce33f45968362811ecfea804b34c2e2ecefcb651f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2022/10/04 2:29 a.m. · 3 views

Malicious code in webcm-dev (npm)

Source: ghsa-malware (955551845e6b60e5f365bfcce33f45968362811ecfea804b34c2e2ecefcb651f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 1
Cloud Foundry
added 2022/09/29 12:0 a.m. · 31 views

USN-5587-1: curl vulnerability | Cloud Foundry

Severity: Low · Vendor: Canonical Ubuntu · Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04 · Description: Axel Chong discovered that when curl accepted and sent back cookies containing control bytes, an HTTPS server might return a 400 Bad Request error response. A malicious cookie host...

CVSS: 3.7 · AI score: 6.4 · EPSS: 0.00289
Exploits: 1 · Affected Software: 3
CNVD
added 2022/09/28 12:0 a.m. · 27 views

ZFile arbitrary file upload vulnerability

ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...

CVSS: 9.8 · AI score: 3.2 · EPSS: 0.00433
Exploits: 1 · References: 1
Packet Storm
added 2022/09/23 12:0 a.m. · 388 views

Teleport 10.1.1 Remote Code Execution

Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE) · Date: 08/01/2022 · Exploit Author: Brandon Roach & Brian Landrum · Vendor Homepage: https://goteleport.com · Software Link: https://github.com/gravitational/teleport · Version: /dev/tcp/10.0.0.1/5555 0&1...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.3029
Exploits: 6
The Hacker News
added 2022/09/19 8:50 a.m. · 24 views

Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers

Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "The attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices,"...

AI score: 1.2
Exploits: 0
Positive Technologies
added 2022/09/17 12:0 a.m. · 2 views

PT-2022-34116 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137 Description: The issue is related to sleep in atomic context bugs caused by dev coredump. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

AI score: 7.2
Exploits: 0 · References: 1
OSV
added 2022/09/16 11:59 p.m. · 13 views

GSD-2022-1005466 xfrm: policy: fix metadata dst->dev xmit null pointer dereference

xfrm: policy: fix metadata dst->dev xmit null pointer dereference. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.64 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/09/16 11:28 p.m. · 8 views

GSD-2022-1005056 xfrm: policy: fix metadata dst->dev xmit null pointer dereference

xfrm: policy: fix metadata dst->dev xmit null pointer dereference. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.6 by commit...

AI score: 7.2
Exploits: 0
vulnersOsv
added 2022/09/16 8:28 p.m. · 1 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)

indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31006 Source advisory: OSV:GHSA-X996-7QH9-7FF7...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00594
Exploits: 0
Positive Technologies
added 2022/09/16 12:0 a.m. · 2 views

PT-2022-33484 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue is related to a refcount leak in the mt8173 rt5650 rt5676 dev probe function. It was introduced in version v4.2 and fixed in version v5.19.2. The actual impact and attack...

AI score: 7.2
Exploits: 0 · References: 1
Positive Technologies
added 2022/09/16 12:0 a.m. · 4 views

PT-2022-33419 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: A NULL pointer dereference issue exists in the dev parse header protocol function when skb-dev is null. This issue was introduced in version v5.12 and is fixed in Linux Kernel version v5.19....

AI score: 7.1
Exploits: 0 · References: 1
Positive Technologies
added 2022/09/16 12:0 a.m. · 2 views

PT-2022-33710 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.64 Description: The issue concerns data-races around weight p and dev weight rtx bias. It was introduced in version v4.11 and fixed in version v5.15.64. The actual impact and attack plausibility have not y...

AI score: 7.2
Exploits: 0 · References: 1
UbuntuCve
added 2022/09/15 9:15 a.m. · 23 views

CVE-2022-3222

Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00216
Exploits: 1 · References: 4
The Hacker News
added 2022/09/15 6:49 a.m. · 253 views

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said...

CVSS: 10 · AI score: 0.5 · EPSS: 0.94473
Exploits: 383
CNNVD
added 2022/09/15 12:0 a.m. · 1 views

GPAC security vulnerability

GPAC is an open source multimedia framework. A security vulnerability exists in versions prior to GPAC 2.1.0-DEV that stems from a segmentation error in SFSExpression...

CVSS: 5.5 · AI score: 6.9 · EPSS: 0.00216
Exploits: 1 · References: 5
Hacker One
added 2022/09/14 4:5 p.m. · 450 views

Cloudflare Public Bug Bounty: Take over subdomains of r2.dev using R2 custom domains

It is possible to take over any subdomain of r2.dev (possible also the base domain) and have it serve the contents of an R2 bucket in your account. Requirements: Access to R2 public buckets in the dashboard is currently behind a flag. The...

AI score: 6.8
Exploits: 0
Positive Technologies
added 2022/09/14 12:0 a.m. · 3 views

PT-2022-4899 · Unknown · Enlightenment

Name of the Vulnerable Software and Affected Versions: Enlightenment versions prior to 0.25.4 Description: The issue is related to the Enlightenment window manager's system file, specifically with the enlightenment sys component. It is setuid root and mishandles pathnames that begin with a /dev/...

CVSS: 7.8 · AI score: 8.7 · EPSS: 0.54631
Exploits: 14 · References: 45
Snyk
added 2022/09/13 8:13 a.m. · 2 views

Malicious Package

Overview: wrangler-dev-api-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS: 9.8 · AI score: 7.1
Exploits: 0 · References: 3
UbuntuCve
added 2022/09/12 5:15 p.m. · 26 views

CVE-2022-3178

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV...

CVSS: 7.8 · AI score: 7.1 · EPSS: 0.00153
Exploits: 1 · References: 3