CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4134 matches found

Malwarebytes•added 2023/11/15 10:18 p.m.•72 views

Ransomware review: November 2023

This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7.5CVSS10AI score0.99156EPSS

Exploits39

RedHat Linux•added 2023/11/14 4:3 p.m.•3 views

containerd: Supplementary groups are not set up properly

A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some...

7.8CVSS6.9AI score0.00542EPSS

Exploits1References9

RedHat Linux•added 2023/11/14 3:46 p.m.•1 views

kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgrouprstatflush is only called at cssreleaseworkfn, which is called when the blkcg reference count reaches 0. This circula...

5.5CVSS6.6AI score0.00247EPSS

Exploits0References5

RedHat Linux•added 2023/11/14 3:46 p.m.•3 views

kernel: memcg: fix possible use-after-free in memcg_write_event_control()

In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcgwriteeventcontrol memcgwriteeventcontrol accesses the dentry-dname of the specified control fd to route the write call. As a cgroup interface file can't be renamed, it's safe to access...

7CVSS6.4AI score0.00242EPSS

Exploits0References5

Securelist•added 2023/11/14 10:0 a.m.•85 views

Advanced threat predictions for 2024

Advanced persistent threats APTs are the most dangerous threats, as they employ complex tools and techniques, and often are highly targeted and hard to detect. Amid the global crisis and escalating geopolitical confrontations, these sophisticated cyberattacks are even more dangerous, as there is...

7.5CVSS8.7AI score0.86956EPSS

Exploits5

Wired Threat Level•added 2023/11/13 9:12 p.m.•18 views

US Privacy Groups Urge Senate Not to Ram Through NSA Spying Powers

An effort to reauthorize a controversial US surveillance program by attaching it to a must-pass spending bill has civil liberties advocates calling foul...

7.2AI score

Exploits0

Veracode•added 2023/11/13 7:40 a.m.•27 views

Improper Access Control

Moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists because it does not properly control access in the Only See membership group, allowing an attacker to view information from other student groups...

4.3CVSS6.7AI score0.00433EPSS

Exploits0References5Affected Software1

VulnCheck KEV•added 2023/11/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-39960

The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a plugins/servlet/groupexportforjira/admin/ URI...

5.3CVSS6AI score0.2568EPSS

Exploits1References1

Wired Threat Level•added 2023/11/10 8:0 a.m.•26 views

This New Tool Aims to Keep Terrorism Content Off the Internet

Small platforms without resources to handle takedown requests have been weaponized by terrorist groups that share their content online. A free new tool is coming to help clean house...

7.5AI score

Exploits0