CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Microsoft Secure•added 2020/06/24 4:0 p.m.•3642 views

Defending Exchange servers under attack

Securing Exchange servers is one of the most important things defenders can do to limit organizational exposure to attacks. Any threat or vulnerability impacting Exchange servers should be treated with the highest priority because these servers contain critical business data, as well as highly...

9CVSS0.3AI score0.94381EPSS

Exploits30

RedHat Linux•added 2020/06/15 4:17 p.m.•3 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

ThreatPost•added 2020/05/19 3:44 p.m.•79 views

Adobe Patches Critical RCE Flaw in Character Animator App

Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. The flaw can be exploited by a remote attacker to execute code on affected systems. The flaw CVE-2020-9586 is found in versions 3.2 and earlier...

9.3CVSS0.3AI score0.06707EPSS

Exploits1References9

RedHat Linux•added 2020/05/18 10:24 a.m.•1 views

HTTP/2: large amount of data requests leads to denial of service

OSV•added 2020/05/11 3:49 p.m.•6 views

SUSE-SU-2020:1250-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths bsc1168683. Non-security issues fixed: - apparmor: avoid copying empty profile name bsc1149100. - logging: ensure virtlogd rollover takes priority...

6.5CVSS6.7AI score0.00689EPSS

Exploits1References8

RedHat Linux•added 2020/04/14 1:4 p.m.•0 views

HTTP/2: large amount of data requests leads to denial of service

Microsoft KB•added 2020/04/13 12:0 a.m.•191 views

Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015

Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015 INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory,...

6.3AI score

UbuntuCve•added 2020/04/01 6:15 p.m.•37 views

CVE-2020-9770

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic...

6.5CVSS6.9AI score0.00405EPSS

Exploits0References3

RedHat Linux•added 2020/03/26 3:46 p.m.•2 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.06587EPSS

RedHat Linux•added 2020/03/23 8:21 a.m.•0 views

HTTP/2: large amount of data requests leads to denial of service

ThreatPost•added 2020/01/29 3:27 p.m.•256 views

Critical Flaws in Magento e-Commerce Platform Allow Code-Execution

Critical vulnerabilities in Adobe’s Magento e-commerce platform – a favorite target of the Magecart cybergang – could lead to arbitrary code execution. Adobe issued patches on Tuesday as part of its overall release of the Magento 2.3.4 upgrade, giving the fixes a “priority 2” rating. In Adobe...

10CVSS1.5AI score0.17339EPSS

Exploits1References11

UbuntuCve•added 2020/01/28 3:15 p.m.•18 views

CVE-2013-1437

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value...

9.8CVSS7.6AI score0.00898EPSS

Exploits0References1

OSV•added 2020/01/23 4:57 p.m.•2 views

USN-4233-2 gnutls28 update

USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFYALLOWBROKEN and %VERIFYALLOWSIGNWITHSHA1 priority strings that can be used to temporarily re-enable SHA1 until...

5.8AI score

OpenVAS•added 2020/01/23 12:0 a.m.•38 views

Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1224)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.05117EPSS

OpenVAS•added 2020/01/23 12:0 a.m.•33 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2019-1650)

7.5CVSS7.7AI score0.00143EPSS

The Hacker News•added 2020/01/14 2:52 p.m.•2 views

Adobe Releases First 2020 Patch Tuesday Software Updates

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users...

6.3AI score

UbuntuCve•added 2019/12/20 3:15 p.m.•14 views

CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnomekeyringlockallsync function...

7.5CVSS7.1AI score0.0039EPSS

The Hacker News•added 2019/12/18 6:32 p.m.•39 views

Google Offers Financial Support to Open Source Projects for Cybersecurity

Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The...

6.7AI score