CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CheckPoint Security•added 2022/03/31 12:0 a.m.•58 views

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell), CVE-2022-22950

Solution On March 29, 2022, new CVEs were published on Spring Cloud: CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, and CVE-2022-22950. On March 31, 2022, a bypass to the fix for CVE-2010-1622 was published by Praetorian, and received the nickname "Spring4Shell" see Spring Core on JDK9+ is...

10CVSS8.9AI score0.94462EPSS

Exploits197

CheckPoint Security•added 2021/12/10 12:0 a.m.•89 views

Check Point Response to Apache Log4j Remote Code Execution

Solution On December 10, 2021, a proof of concept of a vulnerability in the Apache Log4j Java library CVE-2021-44228 was published. The vulnerability may allow unauthenticated threat actors to obtain remote code execution. The severity of the vulnerability was deemed critical. The Check Point...

10CVSS9.6AI score0.94358EPSS

Exploits348

OPENSUSE Linux•added 2021/01/05 12:0 a.m.•11 views

Security update for privoxy (moderate)

openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0017-1 Rating: moderate References: 1157449 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the followin...

7.5AI score

OPENSUSE Linux•added 2021/01/05 12:0 a.m.•9 views

Security update for privoxy (moderate)

openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0016-1 Rating: moderate References: 1157449 Affected Products: openSUSE Backports SLE-15-SP1 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the followin...

7.5AI score

OSV•added 2021/01/04 11:23 p.m.•1 views

OPENSUSE-SU-2021:0017-1 Security update for privoxy

This update for privoxy fixes the following issues: privoxy was updated to 3.0.29: Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. OVE-20201118-0001 Fixed a memory leak in the show-status CGI handler when no action files are...

7.2AI score

OSV•added 2021/01/04 11:23 p.m.•1 views

OPENSUSE-SU-2021:0016-1 Security update for privoxy

7.2AI score

OSV•added 2021/01/01 5:21 p.m.•4 views

OPENSUSE-SU-2021:0006-1 Security update for privoxy

7.2AI score

OPENSUSE Linux•added 2021/01/01 12:0 a.m.•17 views

Security update for privoxy (moderate)

openSUSE Security Update: Security update for privoxy Announcement ID: openSUSE-SU-2021:0006-1 Rating: moderate References: 1157449 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for privoxy fixes the...

7.5AI score

Kitploit•added 2019/12/07 8:53 p.m.•587 views

Apk-Mitm - A CLI Application That Prepares Android APK Files For HTTPS Inspection

A CLI application that automatically prepares Android APK files for HTTPS inspection Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to...

7.3AI score

Exploits0References10

CISA•added 2019/11/19 12:0 a.m.•14 views

NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection

The National Security Agency NSA has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection TLSI. This short, informative document defines TLSI a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted, explains some risk...

6.7AI score

n0where•added 2018/05/29 2:29 a.m.•23 views

CERT Tapioca for MITM Analysis

CERT Tapioca is a utility for testing mobile or any other application using MITM techniques. CERT Tapioca development was sponsored by the United States Army Armament Research, Development and Engineering Center ARDEC as well as the United States Department of Homeland Security DHS. Installation...

0.1AI score

ThreatPost•added 2017/03/17 6:0 a.m.•9 views

US-CERT Warns HTTPS Inspection May Degrade TLS Security

Recent academic work looking at the degradation of security occurring when HTTPS inspection tools are sitting in TLS traffic streams has been escalated by an alert published Thursday by the Department of Homeland Security. DHS’ US-CERT warned enterprises that running standalone inspection...

7AI score

Check Point Advisories•added 2016/03/13 12:0 a.m.•0 views

Suspicious HTTPS Gmail Mail Attachment Containing JavaScript Code

Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...

1.5AI score

CNVD•added 2016/03/11 12:0 a.m.•1 views

Cisco ASA 5500 Content Security and Control Security Services Module Denial of Service Vulnerability

The Cisco ASA 5500 is an X-Series next-generation firewall security appliance from Cisco, Inc.The Content Security and Control Security Services Module CSC-SSM is one of the content security and control security services modules. A security vulnerability exists in the HTTPS inspection engine in...

7.8CVSS6.7AI score0.00743EPSS

Exploits0References1

Prion•added 2016/03/09 8:59 p.m.•11 views

Design/Logic Flaw

The HTTPS inspection engine in the Content Security and Control Security Services Module CSC-SSM 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service memory consumption or device reload via a flood of HTTPS packets, aka Bug ID CSCue76147...

7.8CVSS7.3AI score0.00743EPSS

Exploits0References3Affected Software1

NVD•added 2016/03/09 8:59 p.m.•5 views

CVE-2016-1312

7.8CVSS7.5AI score0.00743EPSS

Cvelist•added 2016/03/09 8:0 p.m.•11 views

CVE-2016-1312

7.5AI score0.00743EPSS