6.7 CVE-2019-4383
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases,...

2023-01-31 21:36:00

6.1 CVE-2020-16242
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow...

2023-01-31 21:36:00

6.5 CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated...

2023-01-31 21:36:00

5.5 CVE-2019-4299
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly...

2023-01-31 21:27:00

7.1 CVE-2019-4298
IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account...

2023-01-31 21:26:00

4.3 CVE-2019-4308
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM...

2023-01-31 21:18:00

7.5 CVE-2019-4310
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting...

2023-01-31 21:18:00

7.8 CVE-2019-4473
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure...

2023-01-31 21:18:00

5.4 CVE-2019-5458
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with...

2023-01-31 21:17:00

8.2 CVE-2019-4419
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection...

2023-01-31 21:14:00

6.2 CVE-2019-4420
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing...

2023-01-31 21:14:00

6.1 CVE-2020-25739
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode...

2023-01-31 21:14:00

What is the Sherlock® KB project?

First of all KB for "Knowledge Base". The company ProHacktive is making its database of known vulnerabilities to date available for free. This database combines Nist's CVE database (https://nvd.nist.gov/), the CWE database (https://cwe.mitre.org/) and the CAPEC database (https://capec.mitre.org/).

For what purpose?

ProHacktive's promise is the democratization of the Cybersecurity Audit. For this, it seemed relevant to us to offer our "Knowledge Base" in different languages. Associated with this multilingual database, a clear and concise interface allows you to consult all the CVE ("Common Vulnerabilities and Exposures") present on your network. The Sherlock® service database is updated every hour from the various sources enriching our Sherlock® KB and immediately tested on the devices concerned by the new vulnerability.

Search for vulnerabilities

We also offer a simple search module in the description of each CVE. For the more curious, an advanced search allows you to point precisely to an application, an OS or a hardware. This advanced search is based on the mechanics used in our solution Sherlock®: the permanent Cybersecurity audit accessible financially and technically to all.

Developments?

We will add new languages regularly. A monitoring module will be implemented: you will be able to monitor an application, an OS or a hardware to be alerted of new vulnerabilities concerning it. Subscribe to our mailing list to be alerted when this feature is released (available on search results).