4499 matches found

Positive Technologies
added 2022/01/13 12:0 a.m. · 5 views

PT-2022-7077 · Marked +1 · Marked +1

Name of the Vulnerable Software and Affected Versions: Marked versions prior to 4.0.10 Description: The issue is related to a denial of service caused by the regular expression inline.reflinkSearch potentially leading to catastrophic backtracking against some strings. This can affect anyone who...

CVSS 7.8 · AI score 6 · EPSS 0.00708
Exploits: 2 · References: 26
RedHat Linux
added 2022/01/10 12:24 p.m. · 51 views

Low: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging security and bug fix update (5.0.11)

An update is now available for OpenShift Logging 5.0.11 Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 5.9 · AI score 7 · EPSS 0.74016
Exploits: 20 · References: 3
GitLab Advisory Database
added 2022/01/06 12:0 a.m. · 6 views

Out-of-bounds Write in actix-web

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

CVSS 9.8 · AI score 7.2 · EPSS 0.00363
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2022/01/03 8:15 a.m. · 9 views

CVE-2021-30272

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice ...

CVSS 7.8 · EPSS 0.00031
Exploits: 0 · References: 1
NVD
added 2022/01/03 8:15 a.m. · 14 views

CVE-2021-30270

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables,...

CVSS 7.8 · EPSS 0.00031
Exploits: 0 · References: 1
Prion
added 2022/01/03 8:15 a.m. · 14 views

Null pointer dereference

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables,...

CVSS 7.2 · AI score 7.7 · EPSS 0.00031
Exploits: 0 · References: 1
Prion
added 2022/01/03 8:15 a.m. · 15 views

Null pointer dereference

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music...

CVSS 7.2 · AI score 7.7 · EPSS 0.00031
Exploits: 0 · References: 1
CVE
added 2022/01/03 7:25 a.m. · 50 views

CVE-2021-30272

CVE-2021-30272 describes a possible null pointer dereference in a Qualcomm Snapdragon thread cache operation handler caused by lack of validation of user-provided input. Affected components span multiple Snapdragon families (Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer...

CVSS 7.8 · AI score 7.6 · EPSS 0.00031
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/01/03 7:25 a.m. · 17 views

CVE-2021-30272

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice ...

CVSS 7.3 · AI score 7.9 · EPSS 0.00031
Exploits: 0 · References: 1
CVE
added 2022/01/03 7:25 a.m. · 55 views

CVE-2021-30271

CVE-2021-30271 is a local vulnerability affecting Qualcomm Snapdragon platforms (across multiple Snapdragon product families) due to a null pointer dereference in the trap handler caused by missing thread ID validation before dereferencing. The issue is documented across multiple sources (NVD, Re...

CVSS 7.8 · AI score 7.7 · EPSS 0.00031
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/01/03 7:25 a.m. · 24 views

CVE-2021-30270

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables,...

CVSS 7.3 · AI score 7.9 · EPSS 0.00031
Exploits: 0 · References: 1
CVE
added 2022/01/03 7:25 a.m. · 56 views

CVE-2021-30270

CVE-2021-30270 is a Qualcomm/Snapdragon local vulnerability described as a null pointer dereference in the thread profile/trap handler caused by missing thread ID validation. Affected products include Snapdragon Auto, Compute, Connectivity, and other Snapdragon family components. CVSS metrics in...

CVSS 7.8 · AI score 7.7 · EPSS 0.00031
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2022/01/02 12:0 p.m. · 26 views

RUSTSEC-2022-0008 Delegate functions are missing `Send` bound

Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior. The flaw was corrected in commit afe3252 by adding Send bounds...

AI score 7
Exploits: 0 · References: 3
Citrix
added 2021/12/30 12:0 a.m. · 16 views

The PVS Target VMs cannot boot due to the following error message: Stop Code: SYSTEM THREAD EXCEPTION NOT HANDLED What Failed: CVhdMp.sys

The PVS Target VMs cannot boot due to the following error message: Stop Code: SYSTEM THREAD EXCEPTION NOT HANDLED What Failed: CVhdMp.sys...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2021/12/30 12:0 a.m. · 48 views

Debian DLA-2852-1 : apache-log4j2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2852 advisory. Several security vulnerabilities were found in Apache Log4j2, a Logging Framework for Java, which could lead to a denial of service or information disclosure...

CVSS 5.9 · AI score 7.6 · EPSS 0.74016
Exploits: 20 · References: 8
Tenable Nessus
added 2021/12/27 12:0 a.m. · 114 views

FreeBSD : OpenSearch -- Log4Shell (b0f49cb9-6736-11ec-9eea-589cfc007716)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b0f49cb9-6736-11ec-9eea-589cfc007716 advisory. - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain...

CVSS 10 · AI score 8.2 · EPSS 0.94358
Exploits: 345 · References: 3
OSV
added 2021/12/25 11:3 a.m. · 9 views

OESA-2021-1474 log4j security update

Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Threa...

CVSS 10 · AI score 9.1 · EPSS 0.94358
Exploits: 347 · References: 4
IBM Security Bulletins
added 2021/12/23 6:34 p.m. · 51 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-4104, CVE-2021-45046).

Summary IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...

CVSS 10 · AI score 1.5 · EPSS 0.94358
Exploits: 346 · Affected Software: 2
VulnCheck KEV
added 2021/12/22 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This...

CVSS 5.9 · AI score 7 · EPSS 0.74016
Exploits: 20 · References: 1
Broadcom
added 2021/12/21 12:0 a.m. · 7 views

BSA-2021-1655

Security Advisory ID : BSA-2021-1655 Component : Apache Log4j StrSubstitutor Revision : 1.0 Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layo...

CVSS 5.9 · AI score 6.6 · EPSS 0.74016
Exploits: 20