CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

OSV•added 2024/02/28 9:15 a.m.•0 views

UBUNTU-CVE-2021-47035

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is not supported as t...

5.5CVSS6.2AI score0.00246EPSS

Exploits0References8

Vulnrichment•added 2024/02/28 8:13 a.m.•16 views

CVE-2021-47035 iommu/vt-d: Remove WO permissions on second-level paging entries

6.8AI score0.00246EPSS

Exploits0References4

Debian CVE•added 2024/02/28 8:13 a.m.•18 views

CVE-2021-47035

5.5CVSS6AI score0.00246EPSS

Exploits0

Snyk•added 2023/09/11 9:0 p.m.•2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes function to allocate the HuffmanCode buffer with a size that comes from an arra...

9.6CVSS9.2AI score0.99739EPSS

Exploits9References3

ATTACKERKB•added 2023/03/09 12:15 a.m.•1 views

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

7.5CVSS7.1AI score0.00995EPSS

Exploits1References4

NVD•added 2023/03/09 12:15 a.m.•8 views

CVE-2023-27974

7.5CVSS7.7AI score0.00995EPSS

Exploits1References3

OSV•added 2023/03/09 12:15 a.m.•5 views

CVE-2023-27974

7.5CVSS6.8AI score

Exploits0References3

CVE•added 2023/03/08 12:0 a.m.•49 views

CVE-2023-27974

Bitwarden (versions up to 2023.2.1) is affected by a domain-matching password autofill issue: when visiting a subdomain like customer-website.example.com, a stored password for example.com may be auto-filled due to second-level domain matching. The vendor notes that “Auto-fill on page load” is no...

7.5CVSS7.6AI score0.00995EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2023/03/08 12:0 a.m.•3 views

PT-2023-21465 · Bitwarden · Bitwarden

Name of the Vulnerable Software and Affected Versions: Bitwarden versions through 2023.2.1 Description: The issue allows password auto-fill when the second-level domain matches. For example, a password stored for an example.com hosting provider will be auto-filled when visiting...

7.5CVSS7.1AI score0.00995EPSS

Exploits1References9

Cvelist•added 2023/03/08 12:0 a.m.•11 views

CVE-2023-27974

7.8AI score0.00995EPSS

Exploits1References3

Vulnrichment•added 2023/03/08 12:0 a.m.•13 views

CVE-2023-27974

6.9AI score0.00995EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 3:25 a.m.•2 views

SUSE CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.9CVSS7.2AI score0.26915EPSS

Exploits1References44

SUSE CVE•added 2023/02/15 3:25 a.m.•3 views

SUSE CVE-2022-33746

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing...

5.3CVSS6.9AI score0.00265EPSS

Exploits0References23

The Hacker News•added 2023/01/11 5:35 p.m.•2 views

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin aka QNAP worm, attributed to a threat actor dubbed DEV-0856, is a...

6.6AI score

Exploits0

Veracode•added 2022/11/25 6:33 p.m.•32 views

Denial Of Service (DoS)

xen is vulnerable to denial of service DoS attacks. P2M pool freeing may take excessively long te P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks resulting i...

6.5CVSS7.1AI score0.00265EPSS

Exploits0References13Affected Software1

OSV•added 2022/10/11 1:15 p.m.•1 views

ALPINE-CVE-2022-33746

6.5CVSS6.9AI score0.00265EPSS

Exploits0References1

AlpineLinux•added 2022/10/11 1:15 p.m.•33 views

CVE-2022-33746

6.5CVSS2AI score0.00265EPSS

Exploits0

CVE•added 2022/10/11 12:0 a.m.•93 views

CVE-2022-33746

CVE-2022-33746 is a Xen hypervisor issue where the P2M pool backing second-level address translation for guests can become very large, causing freeing to take longer than expected due to lack of preemption checks. The vulnerability is discussed in multiple connected advisories across distribution...

6.5CVSS7.2AI score0.00265EPSS

Exploits0References8Affected Software1

Cvelist•added 2022/10/11 12:0 a.m.•34 views

CVE-2022-33746

7.6AI score0.00265EPSS

Exploits0References8

Debian CVE•added 2022/10/11 12:0 a.m.•57 views

CVE-2022-33746

6.5CVSS7.4AI score0.00265EPSS

Exploits0

Rows per page