CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2022/06/15 12:0 a.m.•2 views

Yandex Browser 后置链接漏洞

Yandex Browser is a desktop web browser from the Russian company Yandex. A security vulnerability exists in Yandex Browser for Windows prior to 22.3.3.684, which originates from a vulnerability that allows local, low-privilege attackers to execute arbitrary code with SYSTEM privileges by...

7.8CVSS7.9AI score0.00119EPSS

Positive Technologies•added 2022/04/28 12:0 a.m.•1 views

PT-2022-3562 · American Megatrends +1 · Ami Megarac +1

Name of the Vulnerable Software and Affected Versions: AMI Megarac affected versions not specified Description: The issue is related to the interception of password reset requests via API. There is also a mention of a vulnerability in the OpenSSL library used by the TYCHON network endpoint...

8.8CVSS9.1AI score0.00209EPSS

Exploits0References12

CNNVD•added 2022/02/15 12:0 a.m.•2 views

crossbeam 竞争条件问题漏洞

crossbeam is a tool for individual developers that applies to concurrent programming. A competitive conditions issue vulnerability exists in crossbeam that arises from improper design or implementation during code development of a networked system or product...

8.1CVSS7.8AI score0.00361EPSS

Exploits1References4

OSV•added 2022/02/10 6:15 p.m.•2 views

CVE-2022-0017

An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This iss...

7.8CVSS7.3AI score0.00039EPSS

Positive Technologies•added 2022/01/11 12:0 a.m.•1 views

PT-2022-1569 · Microsoft · Windows Resilient File System +1

Name of the Vulnerable Software and Affected Versions: Windows Resilient File System ReFS affected versions not specified Description: The issue is related to errors in code generation management in the Windows Resilient File System ReFS. It can be exploited by sending a specially crafted request...

7.2CVSS9.6AI score0.01417EPSS

Exploits0References12

CNNVD•added 2021/11/29 12:0 a.m.•8 views

Panda Security Free Antivirus 权限许可和访问控制问题漏洞

Panda Security Free Antivirus is a free antivirus program from the Spanish company Panda Security. Panda Security Free Antivirus suffers from a privilege-granting and access-control issue vulnerability that can be exploited by an attacker to elevate privileges and execute arbitrary code in the...

7.8CVSS7.7AI score0.00049EPSS

Exploits0References5

OSV•added 2021/10/13 6:15 p.m.•1 views

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

7.3CVSS6.1AI score0.00031EPSS

OSV•added 2021/07/15 8:15 p.m.•2 views

CVE-2020-11634

The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context...

7.8CVSS6.1AI score0.00064EPSS

Fedora•added 2021/07/14 1:21 a.m.•54 views

[SECURITY] Fedora 34 Update: glibc-2.33-20.fc34

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

9.1CVSS2AI score0.01407EPSS

Zero Day Initiative•added 2021/05/26 12:0 a.m.•55 views

(Pwn2Own) Microsoft Exchange Server Missing Check of Message Integrity Vulnerability

This vulnerability allows network-adjacent attackers to tamper with update data on affected installations of Microsoft Exchange Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of Exchange Server Help updates. The issue results from ...

3.5CVSS1.4AI score0.00649EPSS

Fedora•added 2021/05/22 1:8 a.m.•87 views

[SECURITY] Fedora 33 Update: glibc-2.32-6.fc33

1.9CVSS2AI score0.00037EPSS

Fedora•added 2021/03/19 8:27 p.m.•50 views

[SECURITY] Fedora 34 Update: glibc-2.33-5.fc34

2.5CVSS2AI score0.00037EPSS

OSV•added 2021/02/10 11:15 p.m.•0 views

CVE-2020-27871

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

7.2CVSS7.4AI score

OSV•added 2021/02/09 5:15 p.m.•0 views

CVE-2020-25245

A vulnerability has been identified in DIGSI 4 All versions V4.94 SP1 HF 1. Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM...

7.8CVSS5.8AI score

Fedora•added 2021/01/18 1:35 a.m.•97 views

[SECURITY] Fedora 33 Update: glibc-2.32-3.fc33

7.1CVSS7.6AI score0.00805EPSS

OSV•added 2021/01/06 1:15 a.m.•0 views

CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file which does not exist at the following locations in both the System drive typically C:\ and the product's...

8.8CVSS7.8AI score0.00049EPSS

ATTACKERKB•added 2021/01/06 1:15 a.m.•1 views

CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager aka VIOM Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from...

9.3CVSS6.2AI score0.00049EPSS