Lucene search

5460 matches found

OSV
added 2022/12/22 8:15 p.m., 1 views

DEBIAN-CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

8.8 CVSS, 8 AI score, 0.00856 EPSS
Exploits 1, References 1
Debian CVE
added 2022/12/22 12:0 a.m., 28 views

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

8.8 CVSS, 8.9 AI score, 0.00856 EPSS
Exploits 1
AlpineLinux
added 2022/12/22 12:0 a.m., 50 views

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

8.8 CVSS, 8.7 AI score, 0.00856 EPSS
Exploits 1
Prion
added 2022/12/19 2:15 p.m., 13 views

Design/Logic Flaw

DISPUTED A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real...

5 CVSS, 7.5 AI score, 0.0038 EPSS
Exploits 0, References 2, Affected Software 1
Debian CVE
added 2022/12/19 12:0 a.m., 19 views

CVE-2021-4258

A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of th...

7.5 CVSS, 7.5 AI score, 0.0038 EPSS
Exploits 0
Kitploit
added 2022/12/18 11:30 a.m., 73 views

laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native Nt functions not all functions but most Import Address Table IAT evasion Encrypte...

7.7 AI score
Exploits 0, References 11
Huntr
added 2022/12/18 3:29 a.m., 15 views

Multiple Blind SQL Injection Vulnerabilities in Reports

Description SQL injection typically allows an attacker to extract the entire database from the vulnerable website, including user information, encrypted passwords, and business data. This can subsequently lead to mass compromise of user accounts, data being encrypted and held to ransom, or stolen...

7.8 AI score
Exploits 0, References 1
NVD
added 2022/12/13 4:15 p.m., 30 views

CVE-2022-46142

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords...

5.7 CVSS, 0.00262 EPSS
Exploits 0, References 2
OSV
added 2022/12/13 8:35 a.m., 5 views

USN-5776-1 containerd vulnerabilities

It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. CVE-2022-23471, CVE-2022-31030 It was discovered that containerd incorrectly set ...

7.5 CVSS, 6.5 AI score, 0.02676 EPSS
Exploits 1, References 5
Ubuntu
added 2022/12/13 8:35 a.m., 290 views

USN-5776-1: containerd vulnerabilities

It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. CVE-2022-23471, CVE-2022-31030 It was discovered that containerd incorrectly set ...

7.5 CVSS, 6.6 AI score, 0.02676 EPSS
Exploits 1
Pen Test Partners Blog
added 2022/12/13 6:30 a.m., 33 views

What’s My Name Again? Reolink camera command injection

TL;DR Research on Reolink’s RLC-520A smart motion detection camera has turned up an authenticated command injection vulnerability. Exploiting this vulnerability with an injected system command can render the device useless. Introduction The camera is vulnerable to an authenticated command injecti...

8 AI score
Exploits 0
CNNVD
added 2022/12/13 12:0 a.m., 8 views

SICK RFU61x Encryption Issue Vulnerability

The SICK RFU61x is the smallest read/write device in the SICK UHF portfolio from SICK. It is ideally suited for IoT applications directly on workpieces or components. A security vulnerability exists in the SICK RFU61x firmware version prior to v2.25, which stems from the fact that the use of a...

6.5 CVSS, 6.6 AI score, 0.00312 EPSS
Exploits 0, References 2
CVE
added 2022/12/13 12:0 a.m., 95 views

CVE-2022-46142

CVE-2022-46142 affects Siemens RUGGEDCOM and SCALANCE devices. CLI passwords are stored in flash memory in an encrypted/recoverable form, so attackers with physical access could retrieve and decrypt them. Root cause: storing CLI passwords in flash; impact: confidentiality high; exploitation requi...

5.7 CVSS, 5.3 AI score, 0.00262 EPSS
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2022/12/12 12:0 a.m., 5 views

The vulnerability of the protection mechanism for detecting and responding to security threats at FortiEDR endpoints lies in the use of a strictly encrypted cryptographic key. This allows attackers to gain unauthorized access to the protected information.

The vulnerability of the security tool for detecting and responding to security threats at end points in FortiEDR is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected informati...

9.4 CVSS, 7.7 AI score, 0.00897 EPSS
Exploits 0, References 5, Affected Software 1
BDU FSTEC
added 2022/12/12 12:0 a.m., 5 views

The vulnerability of the implementation of the Collectors registration mechanism in the security device’s functions for identifying and responding to security threats at end points FortiEDR allows a perpetrator to remove a device from the Collectors list and cause a service failure.

The vulnerability of the Collectors registration mechanism implementation in the security, threat detection, and response system for FortiEDR endpoints is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability allows an attacker to remove a device from the...

7.8 CVSS, 7.2 AI score, 0.0019 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2022/12/09 6:15 p.m., 4 views

CVE-2022-29838

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linu...

4.6 CVSS, 5.8 AI score, 0.00264 EPSS
Exploits 0, References 1
NVD
added 2022/12/09 6:15 p.m., 12 views

CVE-2022-29838

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linu...

4.6 CVSS, 0.00264 EPSS
Exploits 0, References 1
Prion
added 2022/12/09 6:15 p.m., 13 views

Authentication flaw

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linu...

2.1 CVSS, 4.8 AI score, 0.00264 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/12/09 12:0 a.m., 15 views

CVE-2022-29838 Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linu...

4.3 CVSS, 6 AI score, 0.00264 EPSS
Exploits 0, References 1
Vulnrichment
added 2022/12/09 12:0 a.m., 6 views

CVE-2022-29838 Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linu...

4.3 CVSS, 6.7 AI score, 0.00264 EPSS
Exploits 0, References 1