CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AlpineLinux•added 2022/02/11 12:0 a.m.•33 views

CVE-2022-0561

Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712...

5.5CVSS6.5AI score0.0125EPSS

Exploits1

Debian CVE•added 2022/02/11 12:0 a.m.•39 views

CVE-2022-0561

5.5CVSS6.8AI score0.0125EPSS

Exploits1

ThreatPost•added 2022/02/10 11:16 p.m.•207 views

Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares

The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely,...

8.6AI score

Exploits0References21

Hacker One•added 2022/02/10 6:36 a.m.•53 views

Nextcloud: Information Exposure Through Directory Listing vulnerability

A directory listing provides an attacker with the complete index of all the resources located inside of the directory as well as download or access its contents. While the researcher did not dig deeper on to the available files, it might be possible that these websites host sensitive information...

1.1AI score

Exploit DB•added 2022/02/10 12:0 a.m.•295 views

Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score

Tenable Nessus•added 2022/02/09 12:0 a.m.•35 views

AlmaLinux 8 : annobin (ALSA-2021:4593)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4593 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

Tenable Nessus•added 2022/02/09 12:0 a.m.•35 views

AlmaLinux 8 : llvm-toolset:rhel8 (ALSA-2021:4743)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4743 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced in cla...

8.3CVSS7.6AI score0.12205EPSS

Tenable Nessus•added 2022/02/09 12:0 a.m.•251 views

AlmaLinux 8 : gcc-toolset-10-annobin (ALSA-2021:4592)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4592 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

Tenable Nessus•added 2022/02/09 12:0 a.m.•48 views

AlmaLinux 8 : gcc-toolset-11-annobin (ALSA-2021:4591)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4591 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

Tenable Nessus•added 2022/02/09 12:0 a.m.•307 views

AlmaLinux 8 : gcc-toolset-11-gcc (ALSA-2021:4586)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4586 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

Tenable Nessus•added 2022/02/07 12:0 a.m.•22 views

Mitsubishi Electric SmartRTU Forced Browsing (CVE-2018-16060)

Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information directory listing and source code via a direct request to the /web URI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

7.5CVSS7.4AI score0.19612EPSS

Exploits4References3

Prion•added 2022/02/04 7:15 p.m.•14 views

Directory traversal

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...

5CVSS7.6AI score0.01801EPSS

Exploits0References2Affected Software1

Hacker One•added 2022/02/01 7:12 p.m.•17 views

Cloudflare Public Bug Bounty: Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration

Cloudflare uses Sentry for application monitoring and error tracking. Due to the tool's misconfiguration source code scraping feature enabled, it was possible to sent blind requests to any endpoints using the Cloudflare infrastructure. The issue has been fixed by the Engineering team and the sour...

1.7AI score