NetWalker Ransomware Gang Hunts for Top-Notch Affiliates
The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service (RaaS) model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers. Traditionally,...
FRRouting FRR Information Disclosure Vulnerability
FRRouting FRR is a set of software that implements and manages various IPv4 and IPv6 routing protocols. A security vulnerability exists in the split-config feature in FRRouting FRR 7.3.1 and prior versions, which stems from the fact that when the split-config feature is used, the init script...
CVE-2020-12831
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...
DEBIAN-CVE-2020-12831
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...
Design/Logic Flaw
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...
CVE-2020-12831
CVE-2020-12831 affects FRRouting FRR up to 7.3.1. The issue arises when using the split-config feature: the init script creates an empty config file with world-readable permissions, enabling potential information leakage via tools/frr.in and tools/frrcommon.sh.in. Some sources label this as user ...
PT-2020-13279 · Frrouting +4 · Frrouting Frr +4
Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions through 7.3.1 Description: An issue was discovered in FRRouting FRR when using the split-config feature. The init script creates an empty config file with world-readable default permissions, leading to a possible...
Threat Source newsletter for May 7, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. With all of us working from home, Beers with Talos episodes are coming out faster than ever. This week, we have an actual episode with...
UBUNTU-CVE-2020-12284
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check...
DEBIAN-CVE-2019-12520
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo...
CVE-2018-21068
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018)...
Default credentials
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018)...
Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios
With the bulk of end users now working remotely, legacy network architectures that route all remote traffic through a central corporate network are suddenly under enormous strain. The result can be poorer performance, productivity, and user experience. Many organizations are now rethinking their...
elasticsearch: Improper permission issue when attaching a new name to an index
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the aliases, shrink, or split endpoints are used. If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission...