CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added 2023/02/04 10:42 p.m.•211 views

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Linux Linux_Kernel

Bypassing Spectre-BTI User Space Mitigations on Linux Th...

7.5CVSS5.5AI score0.02399EPSS

Exploits3

hivepro•added 2023/02/01 9:9 a.m.•26 views

Infection and Evolution of the GOOTLOADER Malware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GOOTLOADER malware infects via malicious archive download, executing JavaScript and PowerShell, delivering FONELAUNCH, Cobalt Strike BEACON/SNOWCONE, with the latest variant writing JavaScript to disk an...

4.6AI score

RedHat Linux•added 2023/01/23 3:21 p.m.•2 views

kernel: iavf: Fix reset error handling

A deadlock condition exists in the linux kernel such that when calling iavfclose in iavfresettask error handling,doing so can lead to double call of napidisable thereby leading to a denial of service due to the deadlock...

5.5CVSS6.7AI score0.00118EPSS

Exploits0References5

BDU FSTEC•added 2023/01/23 12:0 a.m.•5 views

The vulnerability of the Task Scheduler in Windows operating systems allows a hacker to increase their privileges.

The vulnerability of the Task Scheduler in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.2AI score0.00562EPSS

Exploits0References2

GoogleProjectZero•added 2023/01/19 12:0 a.m.•27 views

Exploiting null-dereferences in the Linux kernel

Posted by Seth Jenkins, Project Zero For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when the kernel was able to access userland memory without restriction, and userland programs were still able to map the zero page, there were many easy techniques for...

7.7AI score

Cvelist•added 2023/01/18 9:10 p.m.•27 views

CVE-2023-0290 Rapid7 Velociraptor directory traversal in client ID parameter

Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server as a server...

4.8AI score0.00744EPSS

OSV•added 2023/01/17 6:56 p.m.•6 views

GSD-2023-1001242 netfilter: ipset: Rework long task execution when adding/deleting entries

netfilter: ipset: Rework long task execution when adding/deleting entries This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

OSV•added 2023/01/17 6:27 p.m.•10 views

GSD-2023-1000956 mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING

mmc: vub300: fix warning - do not call blocking ops when !TASKRUNNING This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...

7.2AI score

OSV•added 2023/01/17 6:19 p.m.•8 views

GSD-2023-1000876 netfilter: ipset: Rework long task execution when adding/deleting entries

OSV•added 2023/01/17 5:37 p.m.•9 views

GSD-2023-1000403 netfilter: ipset: Rework long task execution when adding/deleting entries

Positive Technologies•added 2023/01/17 12:0 a.m.•2 views

PT-2023-33186 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.84 Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically a use-after-free UaF bug in the perf pending task function. The actual impact and attack...

Positive Technologies•added 2023/01/17 12:0 a.m.•3 views

PT-2023-33084 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.14 Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically a use-after-free UaF bug in the perf pending task function. The actual impact and attack...

The Hacker News•added 2023/01/12 2:46 p.m.•3 views

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. "Throughout the attack, the attacker followed a...

7AI score

Citrix•added 2023/01/12 12:0 a.m.•7 views

App Layering - PVS Connector with Offload Enabled - Task Error "404 (Not Found)"

App Layering PVS connector with offload enabled "An unexpected system error occurred. Retry the operation or contact technical support. Exception Message: Response status code does not indicate success: 404 Not Found"...

OSV•added 2023/01/11 5:15 p.m.•5 views

CVE-2022-4457

Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's...

5.5CVSS5.8AI score0.00167EPSS