76 matches found
Design/Logic Flaw
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly,...
CVE-2020-1655 Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation,...
Mitaka - A Browser Extension For OSINT Search
Mitaka is a browser extension for OSINT search which can: Extract & refang IoC from a selected block of text. E.g. example[.]com to example.com, test[at]example.com to test@example.com, hxxp://example.com to http://example.com, etc. Search / scan it on various engines. E.g. VirusTotal,...
Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in Project Calico, the network CNI plugin used in IBM Cloud Kubernetes Service, which could result in weaker than expected network policy protection. Vulnerability Details CVEID: None available DESCRIPTION: Project Calic...
nodeway-ipip (>=0.0.1 <=1.0.2) potentially affected by CVE-2016-10594 via ipip (=3.0.0)
ipip NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ipip and may be impacted: - nodeway-ipip >=0.0.1, <=1.0.2 Source CVEs: CVE-2016-10594 Source advisory: OSV:GHSA-9GQH-Q4CX-F2H9...
ipip downloads Resources over HTTP
Affected versions of ipip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...
GHSA-M8PW-H8QJ-RGJ9 ipip-coffee downloads Resources over HTTP
Affected versions of ipip-coffee insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions by an...
ipip-coffee downloads Resources over HTTP
Affected versions of ipip-coffee insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions by an...
Unspecified vulnerability in ipip-coffee
ipip-coffee is an IP database query module for Node.js. A security vulnerability exists in ipip-coffee that originates when the program downloads resources over HTTP. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack, affecting the integrity and availability of data...
CVE-2016-10673
ipip-coffee queries geolocation information from IP. ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...
Code injection
ipip-coffee queries geolocation information from IP. ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...
CVE-2016-10673
ipip-coffee is vulnerable to MITM attacks because it downloads geolocation resources over HTTP. The root cause is unencrypted HTTP resource retrieval, which can allow an attacker with a privileged network position to modify or read resources, impacting the integrity and availability of geolocatio...
CVE-2016-10673
ipip-coffee queries geolocation information from IP. ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...
Information disclosure
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10594
CVE-2016-10594 concerns the Node.js package ipip, which downloads data resources over HTTP from ipip.net. The root cause is insecure HTTP fetches, enabling a network attacker with position to modify or read the resources, potentially leading to information disclosure and, in some configurations, ...
Man In The Middle (MitM)
ipip-coffee is vulnerable to man-in-the-middle (MitM) attacks. It downloads geolocation resources over HTTP, which leaves it vulnerable to MitM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...
Man In The Middle (MitM)
ipip is vulnerable to man-in-the-middle (MitM) attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution (RCE) by swapping out the requested zipped file with an attacker-controlled zipped file if the attacker is on the...
Downloads Resources over HTTP
Overview: Affected versions of ipip-coffee insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decision...
Downloads Resources over HTTP
Overview: Affected versions of ipip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
CVE-2016-1277
Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remot...