52 matches found
EUVD-2016-10343
Malware in sbrugna...
EUVD-2016-10340
Malware in sbrugna...
EUVD-2016-10341
Malware in sbrugna...
EUVD-2016-10345
Malware in sbrugna...
EUVD-2016-10339
Malware in sbrugna...
New macOS vulnerability, Migraine, could bypass System Integrity Protection
A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device. We shared these findings with Apple through...
Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple’s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices. We developed a proof-of-concept exploit to demonstrate t...
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October...
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. We...
A deep-dive into the SolarWinds Serv-U SSH vulnerability
Several weeks ago, Microsoft detected a 0-day remote code execution exploit being used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributed the attack with high confidence to DEV-0322, a group operating out of Chin...
GlassWire: GlassWire 2.1.167 vulnerability - MSVR 56639
Arbitrary code execution vulnerability within the firewall software, GlassWire version 2.1.167. Impact: After the program is installed, on first execution, it will attempt to load Wtsapi32.dll.dll from the user's PATH without doing any checks to see if the file is signed. Attached is a demo...
CVE-2021-29443
CVE-2021-29443 affects the jose npm library. Vulnerable versions of the library perform HMAC tag verification after attempting CBC decryption, creating a possible padding oracle through observable timing differences during decryption of AES_CBC_HMAC_SHA2 (A128CBC-HS256, A192CBC-HS384, A256CBC-HS5...
CVE-2016-9538
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer because of a uint16 integer overflow. Reported as MSVR 35100...
F5 Networks BIG-IP : LibTIFF vulnerabilities (K34527393)
CVE-2016-9533 tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka 'PixarLog horizontalDifference heap-buffer-overflow.' CVE-2016-9534 tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that...
libtiff: Predictor heap-buffer-overflow
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...
CVE-2016-9536
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip. Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."...
CVE-2016-9537
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097...
CVE-2016-9534
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...
CVE-2016-9540
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."...
CVE-2016-9539
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer. Reported as MSVR 35092...