66 matches found
Google Chrome < 131.0.6778.69 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 131.0.6778.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202411stable-channel-update-for-desktop12 advisory. - Insufficient policy enforcement in Navigation in Google Chrome on iOS prior ...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome version 128.0.6613.84 and prior versions, which stems from the inclusion of a mal-implementation issue...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome version 128.0.6613.84 and prior versions, which stems from the inclusion of a mal-implementation issue...
Google Chrome Security Vulnerability
Google Chrome is a web browser by Google Inc. of the U.S. V8 is one of the open source JavaScript engines. A security vulnerability exists in Google Chrome version 128.0.6613.84 and prior versions, which stems from the inclusion of a mal-implementation issue...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome version 128.0.6613.84 and prior versions, which stems from the inclusion of a mal-implementation issue...
CVE-2024-3454
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information...
CVE-2024-3454
The CVE-CNA details a concrete issue in connectedhomeip SDK 1.2 implementing the Matter 1.2 protocol, where an implementation flaw allows footprinting: a third party can disclose information about devices in the same fabric. Root cause: the Matter 1.2 protocol handling within connectedhomeip SDK ...
Unspecified Vulnerability in Google Chrome (CNVD-2024-35183)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that stems from a mal-implementation issue found in the V8 module. No details of the vulnerability are provided at this time...
RHEL 9 : go-git (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients...
Vulnerabilities that (mostly) aren’t: LUCKY13
TL;DR - LUCKY13 is more an attack than a vulnerability - LUCKY13 was patched over a decade ago … so it’s really unlikely that your server is vulnerable now - It’s an implementation issue - Disabling CBC ciphers is still a good idea … but not because of susceptibility to LUCKY13 - There is no material risk i...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability previously existed in Google Chrome version 122.0.6261.57, which stemmed from a mal-implementation issue in the Navigation module. An attacker could exploit this vulnerability to bypass security...
CVE-2023-49569
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
Path traversal
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
CVE-2023-49568
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
Design/Logic Flaw
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
USN-6536-1: Linux kernel vulnerabilities
Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Kyle Zeng...
CVE-2023-43637
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...
CVE-2023-43637 Vault Key Partially Predetermined
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...
CVE-2023-43637
The CVE describes a cryptographic weakness in EVE’s deriveVaultKey used by the vault key derivation flow. Before version 7.10, the generated 32-byte vault key was weakened because deriveVaultKey calls retrieveCloudKey (which returns a fixed 32-byte key) and then merges it with the random 32-byte ...