Lucene search
K

22107 matches found

Microsoft CVE
Microsoft CVE
added 2024/12/07 8:0 a.m.6 views

Improper (D)TLS key boundary enforcement

...

5.3CVSS6AI score0.00513EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 8:0 a.m.4 views

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

...

6.5CVSS6.5AI score0.00962EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.5 views

CVE-2024-5288

...

5.9CVSS6.7AI score0.0042EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.3 views

CVE-2024-5814

...

5.3CVSS5.9AI score0.00466EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.8 views

CVE-2024-2881

...

8.8CVSS5.4AI score0.00464EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.2 views

CVE-2024-1545

...

8.8CVSS5.4AI score0.00544EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.4 views

CVE-2024-50228

...

7.3AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.5 views

CVE-2024-1543

...

5.5CVSS5.4AI score0.00185EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.5 views

CVE-2012-2677

...

5CVSS7.3AI score0.03889EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.4 views

CVE-2019-14584

...

7.8CVSS6.6AI score0.00328EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.3 views

CVE-2024-1544

...

4.9CVSS5.4AI score0.00349EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/06 12:21 a.m.26 views

Chromium: CVE-2024-12053 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS6.6AI score0.00862EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/05 8:0 a.m.127 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

4.3CVSS7.1AI score0.0107EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/03 8:0 a.m.2 views

Improper validation of IPv6 and IPvFuture addresses

...

6.3CVSS6.7AI score0.0067EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.3 views

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0 and Mbed Crypto. The PSA Crypto API mishandles shared memory.

...

8.2CVSS6.8AI score0.0084EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.6 views

Low-level invalid GF(2^m) parameters lead to OOB memory access

...

4.3CVSS6.6AI score0.05966EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.2 views

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

...

7.5CVSS7.5AI score0.00685EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.1 views

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

...

7.5CVSS7.5AI score0.0112EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.5 views

AES-SIV implementation ignores empty associated data entries

...

5.3CVSS6.7AI score0.00525EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.6 views

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

...

7.5CVSS7.2AI score0.00783EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.3 views

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations.

...

5.5CVSS5.5AI score0.00312EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.7 views

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset the maximum negotiable TLS version is mishandled.

...

7.5CVSS7.5AI score0.00468EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/28 8:0 a.m.6 views

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).

...

9.8CVSS5.8AI score0.00387EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 12:0 a.m.5 views

CVE-2024-30166

...

9.1CVSS7AI score0.0073EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/28 12:0 a.m.0 views

CVE-2024-45157

...

5.1CVSS7AI score0.00236EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/27 8:0 a.m.3 views

GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

...

6.5CVSS7.3AI score0.0111EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/27 8:0 a.m.6 views

Conversion of a wide string to a local string that leads to a heap of out-of-bound write

...

5.5CVSS6.4AI score0.02108EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/27 8:0 a.m.6 views

Conversion of a wide string to a local string that leads to a heap of out-of-bound write

...

5.5CVSS6AI score0.02421EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/26 8:0 a.m.24 views

Partner.Microsoft.Com Elevation of Privilege Vulnerability

An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network...

9.8CVSS6.8AI score0.01339EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/26 8:0 a.m.25 views

Microsoft Copilot Studio Elevation Of Privilege Vulnerability

Improper neutralization of input during web page generation 'Cross-site Scripting' in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network...

9.6CVSS6.7AI score0.00972EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/26 8:0 a.m.4 views

PostgreSQL PL/Perl environment variable changes execute arbitrary code

...

8.8CVSS7.8AI score0.04422EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/26 8:0 a.m.20 views

Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability

Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network...

9.8CVSS6.8AI score0.00691EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/26 8:0 a.m.27 views

Microsoft Dynamics 365 Sales Spoofing Vulnerability

...

7.6CVSS6.8AI score0.00657EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/24 8:0 a.m.3 views

Qualys discovered that if unsanitized input was used with the library Modules: ScanDeps

...

7.8CVSS7AI score0.08598EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.4 views

PostgreSQL libpq retains an error message from man-in-the-middle

...

3.7CVSS6.3AI score0.0038EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.4 views

PostgreSQL row security below e.g. subqueries disregards user ID changes

...

5.4CVSS6.3AI score0.00786EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.2 views

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization.

...

8.7CVSS6.3AI score0.00873EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.4 views

PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID

...

4.2CVSS6.3AI score0.00705EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.4 views

In GNU tar before 1.35 mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

...

6.2CVSS6.4AI score0.00283EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.4 views

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump

...

5.5CVSS6.7AI score0.04524EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/23 8:0 a.m.4 views

Postgresql: role pg_signal_backend can signal certain superuser processes.

...

4.4CVSS6.3AI score0.02555EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/23 12:0 a.m.4 views

All versions of package datatables.net are vulnerable to Prototype Pollution

...

7.5CVSS6.2AI score0.0367EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2024/11/21 8:0 a.m.26 views

Chromium: CVE-2024-11395 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS6.6AI score0.00355EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/21 8:0 a.m.26 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

4.3CVSS7AI score0.00591EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/20 8:0 a.m.3 views

GNOME libsoup before 3.6.1 has an infinite loop and memory consumption. during the reading of certain patterns of WebSocket data from clients.

...

7.5CVSS7.5AI score0.00933EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/20 8:0 a.m.4 views

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. 

...

8.4CVSS7AI score0.00679EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/20 8:0 a.m.1 views

Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability

...

7.8CVSS7.5AI score0.00894EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/20 8:0 a.m.7 views

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.

...

8.8CVSS5.8AI score0.00634EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/20 8:0 a.m.6 views

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations

...

7.5CVSS6.9AI score0.00793EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/20 8:0 a.m.3 views

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

...

5.5CVSS5.9AI score0.00416EPSS
Exploits1
Total number of security vulnerabilities22107