CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Talos Blog•added 2022/07/27 12:0 p.m.•81 views

What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads

By Nate Pors and Terryn Valikodath. Executive summary In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response CTIR observed the adversary using aggregated, old email threads from multiple organizations that we assess were likely harvested during the 2021...

7.5CVSS0.99999EPSS

Exploits63

Microsoft KB•added 2022/07/26 12:0 a.m.•10 views

August 9, 2022-KB5015730 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2

August 9, 2022-KB5015730 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2 Release Date: August 9, 2022 Version: .NET Framework 3.5 and 4.8 The August 9, 2022 update for Windows...

6.6AI score

Tenable Nessus•added 2022/07/08 12:0 a.m.•13 views

Atlassian Jira 8.14.x < 8.20.5 Cross-Site Request Forgery

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.16 or 8.14.x prior to 8.20.5. It is, therefore, affected by a vulnerability allowing unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring...

4.3CVSS7.6AI score0.00469EPSS

Exploits0References2

OSV•added 2022/07/07 8:55 p.m.•0 views

GHSA-WGMR-MF83-7X4J Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service

Description Invalid HTTP/2 requests for example, invalid URIs are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying ...

7.5CVSS6.8AI score0.01818EPSS

Exploits0References7

OSV•added 2022/06/28 7:21 p.m.•6 views

GSD-2022-1003521 powerpc/kasan: Force thread size increase with KASAN

powerpc/kasan: Force thread size increase with KASAN This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.122 by commit...

OSV•added 2022/06/28 6:58 p.m.•8 views

GSD-2022-1003267 powerpc/kasan: Force thread size increase with KASAN

OSV•added 2022/06/28 6:30 p.m.•10 views

GSD-2022-1002954 powerpc/kasan: Force thread size increase with KASAN

OSV•added 2022/06/28 6:5 p.m.•4 views

GSD-2022-1002649 lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP

lkdtm/bugs: Don't expect thread termination without CONFIGUBSANTRAP This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.4 by commit...

OSV•added 2022/06/28 6:2 p.m.•8 views

GSD-2022-1002617 powerpc/kasan: Force thread size increase with KASAN

OSV•added 2022/06/27 10:10 p.m.•26 views

CVE-2022-31100 Reachable Assertion in rulex

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...

6.5CVSS6.8AI score0.00796EPSS

OSV•added 2022/06/24 11:3 a.m.•3 views

OESA-2022-1722 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was found in the libvirt nwfilter driver. The...

4.3CVSS6.7AI score0.01024EPSS

Exploits0References2

OSV•added 2022/06/19 6:15 a.m.•3 views

UBUNTU-CVE-2014-125020

A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decodeupdatethreadcontext. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue...

7.8CVSS6.6AI score0.00492EPSS

Kitploit•added 2022/06/18 9:30 p.m.•58 views

Hunt-Sleeping-Beacons - Aims To Identify Sleeping Beacons

The idea of this project is to identify beacons which are unpacked at runtime or running in the context of another process. To do so, I make use of the observation that beacons tend to call Sleep between their callbacks. A call to sleep sets the state of the thread to DelayExecution which is take...

7.5AI score

Exploits0References3

vulnersOsv•added 2022/06/17 12:25 a.m.•5 views

BrewStillery (>=1.0.0 <=6.0.2), Inflector (>=0.1.1 <=0.11.2) +3106 more potentially affected by unknown CVE via thread_local (>=0.2.7 <=1.0.1)

threadlocal CARGO version =0.2.7, =1.0.0, =0.1.1, =0.7.0, =0.1.0, =0.0.6, =0.1.1, =0.1.4, =0.1.0, =0.2.1, =0.2.3 - addr2line =0.6.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9HPW-R23R-XGM5...

5.8AI score

OSV•added 2022/06/16 11:48 p.m.•1 views

GHSA-CQPR-PCM7-M3JC Potential segfault in `localtime_r` invocations

Impact Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library...

5.8AI score

Rockylinux•added 2022/06/16 9:27 a.m.•12 views

glibc bug fix update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries libc, POSIX thread librarie...

0.7AI score