
4287 matches found

Hacker One
added 2020/10/13 7:28 p.m. | 279 views

HackerOne: 2020-10-09 Credential Stuffing Attack

Executive summary: On October 4, 2020 and October 5, 2020, an attacker launched two credential stuffing attacks against HackerOne.com. On October 9, 2020, HackerOne’s Security team noticed the attack during their weekly audit of anomalies in their log aggregation platform, leading to the Incident...

0.9 AI score
Exploits: 0

NVD
added 2020/09/23 10:15 p.m. | 19 views

CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

4.7 CVSS | 0.00261 EPSS
Exploits: 0 | References: 7

Cvelist
added 2020/09/23 9:18 p.m. | 30 views

CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

5.6 AI score | 0.00261 EPSS
Exploits: 0 | References: 7

Zero Day Initiative
added 2020/09/21 12:0 a.m. | 42 views

Apple macOS process_token_TexSubImage2D Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphic...

7.8 CVSS | 4.2 AI score | 0.00216 EPSS
Exploits: 0 | References: 1

CNVD
added 2020/09/18 12:0 a.m. | 1 views

Google Android Media extractor cross-site scripting vulnerability

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A cross-site scripting vulnerability exists in the Android-11 version of Media extractor. The vulnerability stems from improper locking and can be exploited by an attacker to cause remote code...

8.8 CVSS | 7.4 AI score | 0.00559 EPSS
Exploits: 0 | References: 1

OSV
added 2020/09/17 9:15 p.m. | 2 views

CVE-2020-0357

In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID:...

7.8 CVSS | 7.2 AI score
Exploits: 0 | References: 1

OSV
added 2020/09/17 9:15 p.m. | 2 views

CVE-2020-0303

In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-1482232...

8.8 CVSS | 7.8 AI score | 0.00559 EPSS
Exploits: 0 | References: 1

CVE
added 2020/09/17 8:51 p.m. | 48 views

CVE-2020-0303

CVE-2020-0303 affects the Android 11 Media extractor, where a use-after-free caused by improper locking can lead to remote code execution. The issue concerns the media-extractor component (Android-11) and is described as enabling remote code execution with no or minimal privileges; exploitation r...

8.8 CVSS | 9 AI score | 0.00559 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/09/17 8:51 p.m. | 13 views

CVE-2020-0303

In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-1482232...

9.2 AI score | 0.00559 EPSS
Exploits: 0 | References: 1

OSV
added 2020/09/17 7:15 p.m. | 1 views

DEBIAN-CVE-2020-0433

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

7.8 CVSS | 6.5 AI score | 0.00151 EPSS
Exploits: 0 | References: 1

OSV
added 2020/09/17 7:15 p.m. | 3 views

CVE-2020-0433

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

7.8 CVSS | 8.1 AI score
Exploits: 0 | References: 2

NVD
added 2020/09/17 7:15 p.m. | 10 views

CVE-2020-0433

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

7.8 CVSS | 0.00151 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2020/09/17 7:15 p.m. | 26 views

CVE-2020-0433

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

7.8 CVSS | 7 AI score | 0.00151 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2020/09/17 7:15 p.m. | 4 views

CVE-2020-0433

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

7.8 CVSS | 5.6 AI score | 0.00151 EPSS
Exploits: 0 | References: 2

Prion
added 2020/09/17 7:15 p.m. | 17 views

Design/Logic Flaw

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

4.6 CVSS | 7.7 AI score | 0.00151 EPSS
Exploits: 0 | References: 1

OSV
added 2020/09/17 7:15 p.m. | 0 views

UBUNTU-CVE-2020-0433

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

7.8 CVSS | 6.8 AI score | 0.00151 EPSS
Exploits: 0 | References: 5

Cvelist
added 2020/09/17 6:45 p.m. | 20 views

CVE-2020-0433

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

8.4 AI score | 0.00151 EPSS
Exploits: 0 | References: 1

CVE
added 2020/09/17 6:45 p.m. | 90 views

CVE-2020-0433

CVE-2020-0433 affects the Android/Linux kernel: use-after-free in blk_mq_queue_tag_busy_iter (blk-mq-tag.c) caused by improper locking, enabling local privilege escalation with no user interaction. Public details in the Initial document describe the flaw; connected Nessus advisories (Unity Linux/...

7.8 CVSS | 8 AI score | 0.00151 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2020/09/17 6:45 p.m. | 20 views

CVE-2020-0433

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...

7.8 CVSS | 6.2 AI score | 0.00151 EPSS
Exploits: 0

Tenable Nessus
added 2020/09/15 12:0 a.m. | 39 views

RHEL 8 : mysql:8.0 (RHSA-2020:3757)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3757 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

7.2 CVSS | 6.8 AI score | 0.03829 EPSS
Exploits: 1 | References: 210