1404 matches found
CVE-2020-18748
Cross-site scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via MathJax syntax due to a MathJax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...
RHEL 8 : OpenShift Container Platform 4.6.42 (RHSA-2021:3009)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3009 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Timing based private key exposure in Bouncy Castle
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of...
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...
PYSEC-2021-287
TensorFlow is an end-to-end open source platform for machine learning. In affected versions, due to incomplete validation in the MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.42 security update
Red Hat OpenShift Container Platform release 4.6.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a...
PT-2021-21782 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow versions 2.5.1 and earlier; TensorFlow versions 2.4.3 and earlier; TensorFlow versions 2.3.4 and earlier. Description: In affected versions, due to incomplete validation in MKL implementation of...
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...
RHEL 7 / 8 : OpenShift Container Platform 4.8.4 (RHSA-2021:2984)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2984 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
OESA-2021-1301 bouncycastle security update
The package is organised so that it contains a light-weight API suitable for use in any environment including the newly released J2ME with the additional infrastructure to conform the algorithms to the JCE framework. Security Fixes: Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJ...
CVE-2021-33198
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method...
DEBIAN-CVE-2021-33198
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method...
Design/Logic Flaw
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method...
UBUNTU-CVE-2021-33198
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method...
CVE-2021-33198
CVE-2021-33198 affects Go (golang) math/big.Rat SetString and UnmarshalText when handling very large exponents, potentially causing a panic. Validated sources note the issue exists in Go before 1.15.13 and in 1.16.x before 1.16.5. Remediation is to update Go to at least 1.15.13 or 1.16.5 (or late...