CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

221 matches found

Cvelist•added 2022/05/19 9:55 a.m.•16 views

CVE-2022-1183 Destroying a TLS session early causes assertion failure

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS DoT and DNS over HTTPS DoH, bu...

7.5CVSS7.6AI score0.00392EPSS

Exploits0References2

Debian CVE•added 2022/05/19 9:55 a.m.•51 views

CVE-2022-1183

7.5CVSS7.3AI score0.00392EPSS

Exploits0

OpenVAS•added 2022/01/28 12:0 a.m.•25 views

Mageia: Security Advisory (MGASA-2020-0427)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.1AI score0.04946EPSS

Exploits1References5

ThreatPost•added 2021/12/08 7:28 p.m.•24 views

Not with a Bang but a Whisper: The Shift to Stealthy C2

As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat APT malware and the billion-dollar infosec...

7.2AI score

Exploits0References3

Malwarebytes•added 2021/07/19 9:43 a.m.•58 views

A week in security (July 12 – July 18)

Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday Is crypto’s criminal rollercoaster...

7.3AI score

Exploits0

Malwarebytes•added 2021/07/12 12:28 p.m.•56 views

DNS-over-HTTPS takes another small step towards global domination

Firefox recently announced that it will be rolling out DNS-over-HTTPS or DoH soon to one percent of its Canadian users as part of its partnership with CIRA the Canadian Internet Registration Authority, the Ontario-based organization responsible for managing the .ca top-level domain for Canada and...

0.8AI score

Exploits0

Tenable Nessus•added 2021/02/04 12:0 a.m.•62 views

Oracle Linux 6 : thunderbird (ELSA-2020-5238)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5238 advisory. 78.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.5.0-1 - Update to 78.5.0 build3 Tenable has...

9.3CVSS7.4AI score0.04946EPSS

Exploits1References11

The Hacker News•added 2021/01/16 7:30 a.m.•55 views

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

The U.S. National Security Agency NSA on Friday said DNS over HTTPS DoH — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transpo...

7.4AI score

Exploits0

OSV•added 2020/12/09 1:15 a.m.•4 views

CVE-2020-26961

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding...

6.5CVSS8AI score

Exploits0References4

NVD•added 2020/12/09 1:15 a.m.•10 views

CVE-2020-26961

6.5CVSS6.8AI score0.00275EPSS

Exploits0References4

Prion•added 2020/12/09 1:15 a.m.•16 views

Design/Logic Flaw

4.3CVSS6.4AI score0.00275EPSS

Exploits0References4Affected Software3

AlpineLinux•added 2020/12/09 12:23 a.m.•28 views

CVE-2020-26961

6.5CVSS7.1AI score0.00275EPSS

Exploits0

CVE•added 2020/12/09 12:23 a.m.•274 views

CVE-2020-26961

CVE-2020-26961 describes a DoH-related issue where IPv4 addresses mapped through IPv6 bypass RFC1918 filtering, enabling a DNS rebinding-like condition in Firefox/Thunderbird before versions 83/78.5. Connected sources (CentOS advisories) confirm Mozilla patches addressing multiple issues includin...

6.5CVSS6.8AI score0.00275EPSS

Exploits0References4Affected Software3

Debian CVE•added 2020/12/09 12:23 a.m.•47 views

CVE-2020-26961

6.5CVSS7.8AI score0.00275EPSS

Exploits0

Cvelist•added 2020/12/09 12:23 a.m.•14 views

CVE-2020-26961

6.9AI score0.00275EPSS

Exploits0References4

The Hacker News•added 2020/12/04 8:6 a.m.•40 views

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by...

0.7AI score

Exploits0

ThreatPost•added 2020/12/03 5:20 p.m.•82 views

DeathStalker APT Spices Things Up with PowerPepper Malware

The DeathStalker advanced persistent threat APT group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. DeathStalker offers mercenary, espionage-for-hire services targeting the financial and legal sectors, according to...

7.8AI score

Exploits0References5

Securelist•added 2020/12/03 10:0 a.m.•91 views

What did DeathStalker hide between two ferns?

DeathStalker is a threat actor thats been active since at least 2012, and we exposed most of their past activities in a previous article, as well as during a GREAT Ideas conference in August 2020. The actor drew our attention in 2018 because of distinctive attack characteristics that didnt fit in...

0.3AI score

Exploits0