EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length ...
0.8AI Score
0.36EPSS
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1518)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature ...
0.5AI Score
0.003EPSS
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel ...
0.5AI Score
0.03EPSS
EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1489)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an...
0.4AI Score
0.054EPSS
What to do when you discover a data breach
Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which...
-0.4AI Score
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. * A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary....
5.5CVSS
6.6AI Score
0.001EPSS
Who is managing the security of medical management apps?
One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical...
-0.3AI Score
Cardinal RAT Resurrected to Target FinTech Firms
A malware family called Cardinal RAT has reappeared, after two years of silence, in a series of attacks that have been targeting Israel-based financial technology firms. After Cardinal RAT was first detected in 2017, the malware disappeared for two years. But now, in this latest campaign,...
0.2AI Score
TheCarProject v2 - Multiple SQL Injection Vulnerability
Exploit for php platform in category web...
AI Score
0.2AI Score
7.4AI Score
0.3AI Score
libmatio.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists through a possible stack-based buffer over-read in a memcpy operation in Mat_VarReadNextInfo5() in src/mat5.c, resulting in a denial of service condition when the vulnerability is...
9.1CVSS
8.7AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
9.2AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
8.8AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
9.2AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
7AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
9.3AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.3AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
8.8AI Score
0.006EPSS
Threatpost News Wrap Podcast For Feb. 22
Threatpost editors Lindsey O’Donnell and Tom Spring discuss the biggest news of the week ended Feb. 22, including a report about flaws in password managers, and a 19-year-old flaw found in WinRAR. The Threatpost team also discussed an upcoming webinar on Feb. 27 at 2 p.m. ET. Patrick Hevesi of...
-0.7AI Score
Detection of Teradata Viewpoint. The script sends a connection request to the server and attempts to detect Teradata Viewpoint and to extract its...
7AI Score
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected...
8.1CVSS
8AI Score
0.002EPSS
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected...
8.1CVSS
8.1AI Score
0.002EPSS
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected...
8.1CVSS
8AI Score
0.002EPSS
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected...
8.1AI Score
0.002EPSS
Linux kernel is vulnerable to authorization bypass. The ovl_setattr function in fs/overlayfs/inode.c attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...
6.7CVSS
5.7AI Score
0.001EPSS
0.4AI Score
0.126EPSS
Security Advisory - Cache Timing Vulnerability in OpenSSL RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737). An attacker could exploit this vulnerability to recover the private key. (Vulnerability ID: HWPSIRT-2018-06015) Huawei has released software updates to fix this...
5.9CVSS
2.6AI Score
0.01EPSS
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
5.9CVSS
6.1AI Score
0.002EPSS
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.4CVSS
7.3AI Score
0.002EPSS
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.4CVSS
7.3AI Score
0.002EPSS
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.4CVSS
7.2AI Score
0.002EPSS
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.4CVSS
7.2AI Score
0.002EPSS
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.4CVSS
7.3AI Score
0.002EPSS
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.4CVSS
7.3AI Score
0.002EPSS
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
5.9CVSS
5.5AI Score
0.002EPSS
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
5.9CVSS
6.1AI Score
0.002EPSS
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.3AI Score
0.002EPSS
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
6.1AI Score
0.002EPSS
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.3AI Score
0.002EPSS
Earlier this week hellor00t asked via Twitter: Where would you place your security researchers/hunt team? I replied: For me, "hunt" is just a form of detection. I don't see the need to build a "hunt" team. IR teams detect intruders using two major modes: matching and hunting. Junior people...
-0.4AI Score
Security Advisory - Two Vulnerabilities in Huawei eSpace Product
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak. (Vulnerability...
7.4CVSS
6AI Score
0.002EPSS
Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.4CVSS
7AI Score
0.002EPSS
Transparent Tor for Windows: Tallow
Tallow is a small program that redirects all outbound traffic from a Windows machine via the Tor anonymity network. Any traffic that cannot be handled by Tor, e.g. UDP, is blocked. Tallow also intercepts and handles DNS requests preventing potential leaks. Tallow has several applications,...
0.4AI Score
cinematheque.fr XSS vulnerability
Open Bug Bounty ID: OBB-684236 Description| Value ---|--- Affected Website:| cinematheque.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...
AI Score
As organizations move to cloud database platforms they shouldn't forget that data security and compliance requirements remain an obligation. This article explains how you can apply database audit and monitoring controls using Imperva SecureSphere V13.2 when migrating to database as a service cloud....
0.1AI Score
lavoixdunord-espace-abonnement.lavoix.com XSS vulnerability
Open Bug Bounty ID: OBB-677023 Description| Value ---|--- Affected Website:| lavoixdunord-espace-abonnement.lavoix.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3.....
AI Score
lunion-espace-abonnement.lavoix.com XSS vulnerability
Open Bug Bounty ID: OBB-676916 Description| Value ---|--- Affected Website:| lunion-espace-abonnement.lavoix.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3...
AI Score
grandes-ecoles.studyrama.com XSS vulnerability
Open Bug Bounty ID: OBB-669692 Description| Value ---|--- Affected Website:| grandes-ecoles.studyrama.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...
AI Score